www.avanan.com Open in urlscan Pro
199.60.103.2 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/MVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95jsWP6lZ3mBW5rL_wg2GsBh...
Effective URL:
https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%2...
Submission: On May 15 via manual (May 15th 2024, 3:45:57 pm UTC) from CA — Scanned from CA

Summary HTTP 178 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 52 IPs in 2 countries across 45 domains to perform 178 HTTP transactions. The main IP is 199.60.103.2, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.avanan.com. The Cisco Umbrella rank of the primary domain is 749663.
TLS certificate: Issued by GTS CA 1P5 on May 13th 2024. Valid for: 3 months.

This is the only time www.avanan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 59	199.60.103.2 199.60.103.2	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3	172.67.142.245 172.67.142.245	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	172.253.115.95 172.253.115.95	15169 (GOOGLE) (GOOGLE)
2	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	23.218.217.183 23.218.217.183	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.18.88.62 104.18.88.62	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	104.16.118.116 104.16.118.116	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.37.207 104.17.37.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.64.153.35 172.64.153.35	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.176.91 104.17.176.91	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	142.251.111.97 142.251.111.97	15169 (GOOGLE) (GOOGLE)
1	13.249.39.43 13.249.39.43	16509 (AMAZON-02) (AMAZON-02)
7	64.233.180.94 64.233.180.94	15169 (GOOGLE) (GOOGLE)
2 2	140.82.112.3 140.82.112.3	36459 (GITHUB) (GITHUB)
2	185.199.108.133 185.199.108.133	54113 (FASTLY) (FASTLY)
1	104.18.34.221 104.18.34.221	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	31.13.66.19 31.13.66.19	32934 (FACEBOOK) (FACEBOOK)
5	72.21.91.66 72.21.91.66	15133 (EDGECAST) (EDGECAST)
1	104.17.128.172 104.17.128.172	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.139.17 104.18.139.17	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.153.27 172.64.153.27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.175.201 104.17.175.201	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.162.112.71 3.162.112.71	16509 (AMAZON-02) (AMAZON-02)
1	172.253.115.155 172.253.115.155	15169 (GOOGLE) (GOOGLE)
11	104.19.177.52 104.19.177.52	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.240.108 104.18.240.108	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.155.119 172.64.155.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
1 3	142.251.16.105 142.251.16.105	15169 (GOOGLE) (GOOGLE)
3	172.253.62.157 172.253.62.157	15169 (GOOGLE) (GOOGLE)
11	23.205.106.73 23.205.106.73	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	13.107.21.237 13.107.21.237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.160.41.49 18.160.41.49	16509 (AMAZON-02) (AMAZON-02)
1	18.160.0.29 18.160.0.29	16509 (AMAZON-02) (AMAZON-02)
1	104.18.16.169 104.18.16.169	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.107.254.219 34.107.254.219	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	172.64.151.60 172.64.151.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.43.31 104.18.43.31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.253.62.101 172.253.62.101	15169 (GOOGLE) (GOOGLE)
1	142.251.111.154 142.251.111.154	15169 (GOOGLE) (GOOGLE)
3	142.251.16.94 142.251.16.94	15169 (GOOGLE) (GOOGLE)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.117.110.211 34.117.110.211	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	104.26.11.16 104.26.11.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	99.84.191.41 99.84.191.41	16509 (AMAZON-02) (AMAZON-02)
3	31.13.66.35 31.13.66.35	32934 (FACEBOOK) (FACEBOOK)
1	68.67.160.114 68.67.160.114	29990 (ASN-APPNEX) (ASN-APPNEX)
2	13.248.142.121 13.248.142.121	16509 (AMAZON-02) (AMAZON-02)
1	99.84.191.75 99.84.191.75	16509 (AMAZON-02) (AMAZON-02)
1	99.84.191.13 99.84.191.13	16509 (AMAZON-02) (AMAZON-02)
178	52

59 199.60.103.2 (United States) 1 redirects

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.avanan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.67.142.245 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.115.95 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.218.217.183 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-218-217-183.deploy.static.akamaitechnologies.com

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.88.62 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.16.118.116 (None, )

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.37.207 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hscta.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.64.153.35 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

www.gartner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.176.91 (None, )

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.111.97 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bk-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.249.39.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-39-43.iad89.r.cloudfront.net

lftracker.leadfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 64.233.180.94 (United States)

ASN15169 (GOOGLE, US)
PTR: on-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 140.82.112.3 (United States) 2 redirects

ASN36459 (GITHUB, US)
PTR: lb-140-82-112-3-iad.github.com

github.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.199.108.133 (United States)

ASN54113 (FASTLY, US)
PTR: cdn-185-199-108-133.github.com

raw.githubusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.34.221 (None, )

ASN13335 (CLOUDFLARENET, US)

www.gartner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 31.13.66.19 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-iad3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 72.21.91.66 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.128.172 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.139.17 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.153.27 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.175.201 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.162.112.71 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-112-71.iad61.r.cloudfront.net

tr.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.115.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f155.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.19.177.52 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.240.108 (None, )

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.155.119 (None, )

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.107.42.14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.16.105 (Farmingdale, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: bl-in-f105.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.62.157 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f157.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 23.205.106.73 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-205-106-73.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.21.237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.41.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-41-49.iad55.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.0.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-0-29.iad12.r.cloudfront.net

d10lpsik1i8c69.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.16.169 (None, )

ASN13335 (CLOUDFLARENET, US)

ct.capterra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.254.219 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 219.254.107.34.bc.googleusercontent.com

www.influ2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.151.60 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.43.31 (None, )

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.62.101 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f101.1e100.net

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.111.154 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bk-in-f154.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.16.94 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f94.1e100.net

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.110.211 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 211.110.117.34.bc.googleusercontent.com

t.influ2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.11.16 (None, )

ASN13335 (CLOUDFLARENET, US)

settings.luckyorange.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.191.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-191-41.iad89.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.13.66.35 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-iad3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.160.114 (Colonia, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.142.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.191.75 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-191-75.iad89.r.cloudfront.net

checkpointsoftwaretechnologiesincavanan.widget.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.191.13 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-191-13.iad89.r.cloudfront.net

checkpointsoftwaretechnologiesincavanan.widget.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	avanan.com 1 redirects www.avanan.com — Cisco Umbrella Rank: 749663	3 MB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 5787 c.6sc.co — Cisco Umbrella Rank: 8716 ipv6.6sc.co — Cisco Umbrella Rank: 5928 b.6sc.co — Cisco Umbrella Rank: 3876	22 KB
11	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 312	155 KB
8	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 12774 app.hubspot.com — Cisco Umbrella Rank: 5794 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4060 track.hubspot.com — Cisco Umbrella Rank: 2393 forms.hubspot.com — Cisco Umbrella Rank: 5442	9 KB
7	gstatic.com fonts.gstatic.com	82 KB
6	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1357 syndication.twitter.com — Cisco Umbrella Rank: 1719	31 KB
6	linkedin.com 3 redirects platform.linkedin.com — Cisco Umbrella Rank: 3593 px.ads.linkedin.com — Cisco Umbrella Rank: 338 www.linkedin.com — Cisco Umbrella Rank: 619	163 KB
5	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 analytics.google.com — Cisco Umbrella Rank: 154	451 B
4	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 stats.g.doubleclick.net — Cisco Umbrella Rank: 89	4 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 183	158 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	427 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 101	275 B
3	google.ca www.google.ca — Cisco Umbrella Rank: 10035	191 B
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 26104 ibc-flow.techtarget.com — Cisco Umbrella Rank: 23444	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 345	14 KB
3	hsforms.com perf.hsforms.com — Cisco Umbrella Rank: 13925	2 KB
3	gartner.com www.gartner.com — Cisco Umbrella Rank: 53769	114 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33	2 KB
3	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1230	135 KB
2	insent.ai checkpointsoftwaretechnologiesincavanan.widget.insent.ai	23 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9185	714 B
2	influ2.com www.influ2.com — Cisco Umbrella Rank: 47438 t.influ2.com — Cisco Umbrella Rank: 45302	3 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 742 script.hotjar.com — Cisco Umbrella Rank: 988	59 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 803	17 KB
2	githubusercontent.com raw.githubusercontent.com — Cisco Umbrella Rank: 4538	123 KB
2	github.com 2 redirects github.com — Cisco Umbrella Rank: 2928	7 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	9 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 482	699 B
1	luckyorange.net settings.luckyorange.net — Cisco Umbrella Rank: 12178	741 B
1	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 7754	1 KB
1	capterra.com ct.capterra.com — Cisco Umbrella Rank: 55896	680 B
1	cloudfront.net d10lpsik1i8c69.cloudfront.net d26x5ounzdjojj.cloudfront.net Failed	3 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 533	306 B
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3473	1 KB
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 103	64 B
1	lfeeder.com tr.lfeeder.com — Cisco Umbrella Rank: 23957	294 B
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2225	21 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2189	23 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5201	88 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3146	4 KB
1	leadfeeder.com lftracker.leadfeeder.com — Cisco Umbrella Rank: 79137	11 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5709	6 KB
1	hscta.net js.hscta.net — Cisco Umbrella Rank: 22736	7 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 8737	2 KB
0	terminus.services Failed vidassets.terminus.services Failed
178	45

	Domain	Requested by
59	www.avanan.com	1 redirects www.avanan.com
11	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org www.avanan.com
7	b.6sc.co	www.avanan.com
7	fonts.gstatic.com	fonts.googleapis.com
5	platform.twitter.com	www.avanan.com platform.twitter.com
4	px.ads.linkedin.com	2 redirects www.avanan.com snap.licdn.com
4	connect.facebook.net	www.avanan.com connect.facebook.net
4	www.googletagmanager.com	www.avanan.com www.googletagmanager.com
3	track.hubspot.com
3	www.facebook.com	www.avanan.com connect.facebook.net
3	www.google.ca	www.avanan.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.avanan.com
3	googleads.g.doubleclick.net	www.avanan.com www.googletagmanager.com
3	www.google.com	1 redirects www.avanan.com
3	perf.hsforms.com	www.avanan.com
3	www.gartner.com	www.avanan.com www.gartner.com
3	fonts.googleapis.com	www.avanan.com
3	use.fontawesome.com	www.avanan.com use.fontawesome.com
2	checkpointsoftwaretechnologiesincavanan.widget.insent.ai	www.avanan.com checkpointsoftwaretechnologiesincavanan.widget.insent.ai
2	epsilon.6sense.com	j.6sc.co
2	ibc-flow.techtarget.com	trk.techtarget.com
2	analytics.google.com	www.googletagmanager.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	snap.licdn.com	js.hsadspixel.net www.googletagmanager.com
2	cta-service-cms2.hubspot.com	js.hscta.net
2	raw.githubusercontent.com	www.avanan.com
2	github.com	2 redirects
2	cdnjs.cloudflare.com	www.avanan.com www.gartner.com
1	forms.hubspot.com	js.hsleadflows.net
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	script.hotjar.com	static.hotjar.com
1	settings.luckyorange.net	d10lpsik1i8c69.cloudfront.net
1	t.influ2.com	www.influ2.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	tracking.g2crowd.com	www.avanan.com
1	trk.techtarget.com	www.avanan.com
1	www.influ2.com	www.googletagmanager.com
1	ct.capterra.com	www.avanan.com
1	d10lpsik1i8c69.cloudfront.net	www.avanan.com
1	static.hotjar.com	www.googletagmanager.com
1	syndication.twitter.com	www.avanan.com
1	www.linkedin.com	1 redirects
1	geolocation.onetrust.com	cdn.cookielaw.org
1	api.hubapi.com	js.hsadspixel.net
1	app.hubspot.com	www.avanan.com
1	pagead2.googlesyndication.com	www.googletagmanager.com
1	tr.lfeeder.com	www.avanan.com
1	js.hs-analytics.net	www.avanan.com
1	js.hs-banner.com	www.avanan.com
1	js.hsleadflows.net	www.avanan.com
1	js.hsadspixel.net	www.avanan.com
1	lftracker.leadfeeder.com	www.avanan.com
1	static.hsappstatic.net	www.avanan.com
1	js.hscta.net	www.avanan.com
1	no-cache.hubspot.com	www.avanan.com
1	cdn2.hubspot.net	www.avanan.com
1	platform.linkedin.com	www.avanan.com
0	vidassets.terminus.services Failed	www.googletagmanager.com
0	d26x5ounzdjojj.cloudfront.net Failed	www.avanan.com
178	61

This site contains links to these domains. Also see Links.

Domain
www.checkpoint.com
accounts.checkpoint.com
www.darkreading.com
github.com
careers.checkpoint.com
twitter.com
www.linkedin.com
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
www.avanan.com GTS CA 1P5	`2024-05-13` - `2024-08-11`	3 months	crt.sh
use.fontawesome.com Cloudflare Inc ECC CA-3	`2023-10-12` - `2024-10-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2024-03-29` - `2025-03-28`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2024-03-06` - `2024-12-31`	10 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
hscta.net GTS CA 1P5	`2024-04-02` - `2024-07-01`	3 months	crt.sh
www.gartner.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-14` - `2024-12-13`	a year	crt.sh
hsappstatic.net E1	`2024-05-08` - `2024-08-06`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
*.leadfeeder.com Amazon RSA 2048 M02	`2024-01-03` - `2025-02-01`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-02-23` - `2024-05-23`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
hsadspixel.net E1	`2024-04-16` - `2024-07-15`	3 months	crt.sh
hsleadflows.net E1	`2024-04-05` - `2024-07-04`	3 months	crt.sh
hs-banner.com E1	`2024-04-01` - `2024-06-30`	3 months	crt.sh
hs-analytics.net GTS CA 1P5	`2024-04-13` - `2024-07-12`	3 months	crt.sh
*.lfeeder.com Amazon RSA 2048 M02	`2024-02-20` - `2025-03-20`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
hubapi.com E1	`2024-05-04` - `2024-08-02`	3 months	crt.sh
hsforms.com GTS CA 1P5	`2024-04-17` - `2024-07-16`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
syndication.twitter.com R3	`2024-04-06` - `2024-07-05`	3 months	crt.sh
6sc.co R3	`2024-04-09` - `2024-07-08`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 02	`2024-05-01` - `2024-06-27`	2 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M03	`2024-02-07` - `2025-03-08`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
ct.capterra.com E1	`2024-04-23` - `2024-07-22`	3 months	crt.sh
influ2.com GTS CA 1D4	`2024-03-28` - `2024-06-26`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
*.google.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2024-05-06` - `2024-08-04`	3 months	crt.sh
t.influ2.com R3	`2024-03-18` - `2024-06-16`	3 months	crt.sh
luckyorange.net GTS CA 1P5	`2024-03-30` - `2024-06-28`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-04-23` - `2025-05-22`	a year	crt.sh
*.widget.insent.ai Amazon RSA 2048 M03	`2024-01-30` - `2025-02-27`	a year	crt.sh

This page contains 8 frames:

Primary Page: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Frame ID: F62000BBECD67FC1E107699F234DCA8B
Requests: 169 HTTP requests in this frame

Frame: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
Frame ID: D4314C4E48A16EA0281DAE6193E9A205
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.avanan.com
Frame ID: FFC1C83233177182CA6F2246B078549F
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: 5909F8A17F96D27AA68409B644DD810C
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: 02F157100B47EE7B48BD659FC55C7F77
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v3.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff6383421cb95478e%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ffcbc6d848d6baf57e%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread&layout=button_count&locale=en_US&sdk=joey
Frame ID: 1AC5DD00204600D8EC6EF72EC275A3D3
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v3.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2c92382dd7d63b47%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ffcbc6d848d6baf57e%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread&layout=button_count&locale=en_US&sdk=joey
Frame ID: 0D0A6EC838FA1C6A5A16FCEF7D786DF0
Requests: 1 HTTP requests in this frame

Frame: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&event_listener=MXnk25RsQSNASdk&hubspot_cookies=[%2293a309a239f4698784456c2ded61e038%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Frame ID: D67B47E90D25CBC4781FDCB780E39401
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Teams Attacks Continue to Spread

Page URL History Show full URLs

https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/MVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95js... Page URL
https://www.avanan.com/events/public/v1/encoded/track/tc/2H+113/ccGyW04/MVvX5RN8FkxVh6X4k127KSjW2XS... HTTP 307
https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phis... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

178
Requests

96 %
HTTPS

0 %
IPv6

45
Domains

61
Subdomains

52
IPs

2
Countries

4339 kB
Transfer

9412 kB
Size

41
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.checkpoint.com/partners/channel/
Title: Become a Reseller

Search URL Search Domain Scan URL

URL: https://accounts.checkpoint.com/#/login
Title: Go Now

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/perimeter/microsoft-teams-exploit-toll-autodeliver-malware
Title: Dark Reading

Search URL Search Domain Scan URL

URL: https://github.com/Octoberfest7/TeamsPhisher
Title: action

Search URL Search Domain Scan URL

URL: https://careers.checkpoint.com/?q=&module=cpcareers&a=search&fa%5B%5D=department_s%3AEmail%2520Security&sort=
Title: Careers

Search URL Search Domain Scan URL

URL: https://twitter.com/AvananSecurity

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/avanan/

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/privacy/cookies/
Title: Cookie Notice

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/MVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95jsWP6lZ3mBW5rL_wg2GsBh3W6Dg8ZF8QkBNFW7dmS761j9y_GW8lsm7q87kR3gN4gMwrCFxmX7W26Lwwq90T6L2W7ZsKnW7q0J6rW8-sctt7sfVvsW47Vlhk190LR6W7XKRHW6Z4nSGW1r253J5L64JhW3zDmFz8_pxSMW6KfDlY48KwtpW5Sw79P4k0tyNW8LQnz836rqpgW7hqd5L4CXr96W1YRfJM4Nw9NsW5zj_Cv5tSfF4VSS0Gp642fD8W6398R34sqd-kW2xgY-G2CYvrpW6G67P31vh9-nW1rMLcz3fPJcSW3BKpwD5jmjZ0W9hVRgp4mMkNcW2yFvyj7fH6qWMBzhjc5ls5zW3qQ7zH2S3N6YW253Y0V87rNVjW8_n3-j5KCK4ndt3WRC04 Page URL
https://www.avanan.com/events/public/v1/encoded/track/tc/2H+113/ccGyW04/MVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95jsWP6lZ3mBW5rL_wg2GsBh3W6Dg8ZF8QkBNFW7dmS761j9y_GW8lsm7q87kR3gN4gMwrCFxmX7W26Lwwq90T6L2W7ZsKnW7q0J6rW8-sctt7sfVvsW47Vlhk190LR6W7XKRHW6Z4nSGW1r253J5L64JhW3zDmFz8_pxSMW6KfDlY48KwtpW5Sw79P4k0tyNW8LQnz836rqpgW7hqd5L4CXr96W1YRfJM4Nw9NsW5zj_Cv5tSfF4VSS0Gp642fD8W6398R34sqd-kW2xgY-G2CYvrpW6G67P31vh9-nW1rMLcz3fPJcSW3BKpwD5jmjZ0W9hVRgp4mMkNcW2yFvyj7fH6qWMBzhjc5ls5zW3qQ7zH2S3N6YW253Y0V87rNVjW8_n3-j5KCK4ndt3WRC04?_ud=7d20a70b-3f50-456e-93a9-e9ef8dbf1f1f&_jss=1&_fl=8&_pl=5&_hc=48&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 65

https://github.com/Octoberfest7/TeamsPhisher/raw/main/img/TPmessage.JPG HTTP 302
https://raw.githubusercontent.com/Octoberfest7/TeamsPhisher/main/img/TPmessage.JPG

Request Chain 66

https://github.com/Octoberfest7/TeamsPhisher/raw/main/img/TPfile.JPG HTTP 302
https://raw.githubusercontent.com/Octoberfest7/TeamsPhisher/main/img/TPfile.JPG

Request Chain 103

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1715787951408&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1715787951408&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D110528%26time%3D1715787951408%26url%3Dhttps%253A%252F%252Fwww.avanan.com%252Fblog%252Fteams-attacks-continue-to-spread%253Futm_campaign%253DCampaign%252520-%252520PDF%252520Phishing%252520EMEA%252520APAC%2525204%25252F25%252520-%252520FY24%2526utm_medium%253Demail%2526_hsenc%253Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%2526_hsmi%253D304027062%2526utm_content%253D304027062%2526utm_source%253Dhs_automation%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1715787951408&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true

Request Chain 110

https://www.google.com/pagead/landing?gcs=G111&gcu=1&gcd=13r3r3r3r5&rnd=2137608253.1715787951&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread&dma=0&npa=0&gtm=45He45d0n715JCRGPv6871859za200&auid=2078681402.1715787952 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcu=1&gcd=13r3r3r3r5&rnd=2137608253.1715787951&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread&dma=0&npa=0&gtm=45He45d0n715JCRGPv6871859za200&auid=2078681402.1715787952

178 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 MVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95jsWP6lZ3mBW5rL_wg2GsBh3W6Dg8ZF8QkBNFW7dmS761j9y_GW8lsm7q87kR3gN4gMwrCFxmX7W26Lwwq90T6L2W7ZsKnW7q0J6rW8-sctt7sfVvsW47Vlhk190LR6W7XKRHW6Z4nSGW1r253J...
www.avanan.com/e3t/Ctc/2H+113/ccGyW04/ 8 KB
4 KB 223ms
151ms Document
text/html 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/MVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95jsWP6lZ3mBW5rL_wg2GsBh3W6Dg8ZF8QkBNFW7dmS761j9y_GW8lsm7q87kR3gN4gMwrCFxmX7W26Lwwq90T6L2W7ZsKnW7q0J6rW8-sctt7sfVvsW47Vlhk190LR6W7XKRHW6Z4nSGW1r253J5L64JhW3zDmFz8_pxSMW6KfDlY48KwtpW5Sw79P4k0tyNW8LQnz836rqpgW7hqd5L4CXr96W1YRfJM4Nw9NsW5zj_Cv5tSfF4VSS0Gp642fD8W6398R34sqd-kW2xgY-G2CYvrpW6G67P31vh9-nW1rMLcz3fPJcSW3BKpwD5jmjZ0W9hVRgp4mMkNcW2yFvyj7fH6qWMBzhjc5ls5zW3qQ7zH2S3N6YW253Y0V87rNVjW8_n3-j5KCK4ndt3WRC04

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
cf-ray: 884441de7a05ab69-YYZ
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Wed, 15 May 2024 15:45:49 GMT
last-modified: Wed, 15 May 2024 15:45:49 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o5XxDELW%2Bs6TGNKUHCCJqfk46OIZAiuQ%2F3fcF9aLazAXskO1%2F6lE6Hr6%2BDSfR%2FGdYFzOyepHxIsg6RVn1yfQCWOKriVLhtngLCw58GEdeYSvZvpWea7Uh1SADqXq%2BvW1"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation-rules?url=www.avanan.com%2Fe3t%2FCtc%2F2H%2B113%2FccGyW04%2FMVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95jsWP6lZ3mBW5rL_wg2GsBh3W6Dg8ZF8QkBNFW7dmS761j9y_GW8lsm7q87kR3gN4gMwrCFxmX7W26Lwwq90T6L2W7ZsKnW7q0J6rW8-sctt7sfVvsW47Vlhk190LR6W7XKRHW6Z4nSGW1r253J5L64JhW3zDmFz8_pxSMW6KfDlY48KwtpW5Sw79P4k0tyNW8LQnz836rqpgW7hqd5L4CXr96W1YRfJM4Nw9NsW5zj_Cv5tSfF4VSS0Gp642fD8W6398R34sqd-kW2xgY-G2CYvrpW6G67P31vh9-nW1rMLcz3fPJcSW3BKpwD5jmjZ0W9hVRgp4mMkNcW2yFvyj7fH6qWMBzhjc5ls5zW3qQ7zH2S3N6YW253Y0V87rNVjW8_n3-j5KCK4ndt3WRC04"
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 33
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/event-tracking-td/envoy-proxy-544dd46489-km4fn
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 21e229c3-75c0-469b-9565-a055d9dfdacc
x-request-id: 21e229c3-75c0-469b-9565-a055d9dfdacc
x-robots-tag: none

GET
H3 500 speculation-rules
www.avanan.com/cdn-cgi/ 0
0 38ms
37ms Other
text/html 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/cdn-cgi/speculation-rules?url=www.avanan.com%2Fe3t%2FCtc%2F2H%2B113%2FccGyW04%2FMVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95jsWP6lZ3mBW5rL_wg2GsBh3W6Dg8ZF8QkBNFW7dmS761j9y_GW8lsm7q87kR3gN4gMwrCFxmX7W26Lwwq90T6L2W7ZsKnW7q0J6rW8-sctt7sfVvsW47Vlhk190LR6W7XKRHW6Z4nSGW1r253J5L64JhW3zDmFz8_pxSMW6KfDlY48KwtpW5Sw79P4k0tyNW8LQnz836rqpgW7hqd5L4CXr96W1YRfJM4Nw9NsW5zj_Cv5tSfF4VSS0Gp642fD8W6398R34sqd-kW2xgY-G2CYvrpW6G67P31vh9-nW1rMLcz3fPJcSW3BKpwD5jmjZ0W9hVRgp4mMkNcW2yFvyj7fH6qWMBzhjc5ls5zW3qQ7zH2S3N6YW253Y0V87rNVjW8_n3-j5KCK4ndt3WRC04

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin: https://www.avanan.com
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
referrer-policy: same-origin
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation-rules?url=www.avanan.com%2Fcdn-cgi%2Fspeculation-rules%3Furl%3Dwww.avanan.com%252Fe3t%252FCtc%252F2H%252B113%252FccGyW04%252FMVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95jsWP6lZ3mBW5rL_wg2GsBh3W6Dg8ZF8QkBNFW7dmS761j9y_GW8lsm7q87kR3gN4gMwrCFxmX7W26Lwwq90T6L2W7ZsKnW7q0J6rW8-sctt7sfVvsW47Vlhk190LR6W7XKRHW6Z4nSGW1r253J5L64JhW3zDmFz8_pxSMW6KfDlY48KwtpW5Sw79P4k0tyNW8LQnz836rqpgW7hqd5L4CXr96W1YRfJM4Nw9NsW5zj_Cv5tSfF4VSS0Gp642fD8W6398R34sqd-kW2xgY-G2CYvrpW6G67P31vh9-nW1rMLcz3fPJcSW3BKpwD5jmjZ0W9hVRgp4mMkNcW2yFvyj7fH6qWMBzhjc5ls5zW3qQ7zH2S3N6YW253Y0V87rNVjW8_n3-j5KCK4ndt3WRC04"
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mLTlQgnW2bmT5n5%2FmXyhj1SVwLG3vCSrqe8uF387jFU%2FELPKdKqZJDCSuJf1z5nfVveyuU8yYv8NrQuPDafWO3ZQmDd5HPj3zkfTQGtzGbp3hr9g3MtpmaBpZLm00Wu6"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 884441df6b19ab69-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 4294
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3

200

Primary Request teams-attacks-continue-to-spread Show response
www.avanan.com/blog/
Redirect Chain

https://www.avanan.com/events/public/v1/encoded/track/tc/2H+113/ccGyW04/MVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95jsWP6lZ3mBW5rL_wg2GsBh3W6Dg8ZF8QkBNFW7dmS761j9y_GW8lsm7q87kR3gN4gMwrCFxmX7...
https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2...

85 KB
20 KB

132ms
132ms

Document
text/html

199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/MVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95jsWP6lZ3mBW5rL_wg2GsBh3W6Dg8ZF8QkBNFW7dmS761j9y_GW8lsm7q87kR3gN4gMwrCFxmX7W26Lwwq90T6L2W7ZsKnW7q0J6rW8-sctt7sfVvsW47Vlhk190LR6W7XKRHW6Z4nSGW1r253J5L64JhW3zDmFz8_pxSMW6KfDlY48KwtpW5Sw79P4k0tyNW8LQnz836rqpgW7hqd5L4CXr96W1YRfJM4Nw9NsW5zj_Cv5tSfF4VSS0Gp642fD8W6398R34sqd-kW2xgY-G2CYvrpW6G67P31vh9-nW1rMLcz3fPJcSW3BKpwD5jmjZ0W9hVRgp4mMkNcW2yFvyj7fH6qWMBzhjc5ls5zW3qQ7zH2S3N6YW253Y0V87rNVjW8_n3-j5KCK4ndt3WRC04

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e7987029645823b1d06c8a857a7bd18cc16bc14d315aa6865d2251c8c3e7e1e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/MVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95jsWP6lZ3mBW5rL_wg2GsBh3W6Dg8ZF8QkBNFW7dmS761j9y_GW8lsm7q87kR3gN4gMwrCFxmX7W26Lwwq90T6L2W7ZsKnW7q0J6rW8-sctt7sfVvsW47Vlhk190LR6W7XKRHW6Z4nSGW1r253J5L64JhW3zDmFz8_pxSMW6KfDlY48KwtpW5Sw79P4k0tyNW8LQnz836rqpgW7hqd5L4CXr96W1YRfJM4Nw9NsW5zj_Cv5tSfF4VSS0Gp642fD8W6398R34sqd-kW2xgY-G2CYvrpW6G67P31vh9-nW1rMLcz3fPJcSW3BKpwD5jmjZ0W9hVRgp4mMkNcW2yFvyj7fH6qWMBzhjc5ls5zW3qQ7zH2S3N6YW253Y0V87rNVjW8_n3-j5KCK4ndt3WRC04
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 884441e06c76ab69-YYZ
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Wed, 15 May 2024 15:45:50 GMT
edge-cache-tag: CT-123632260951,CG-4153530738,P-1835778,L-6416153737,CW-10828273430,CW-10828758285,CW-11124227288,CW-38920737000,E-5097885803,E-6067151804,E-6073351973,E-6073918834,E-6084513730,E-6476923280,PGS-ALL,SW-2,B-4153530738
etag: W/"67b179963e0319ef907a7cdf297af196"
last-modified: Sat, 11 May 2024 19:33:53 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sByjRhJxdbiKPXMKdymstBCCzup2V08kfAMGfcgrEACtMVp0DaM%2FfUOgcw%2FvUNxf1zUd1GJ3Pp4vctV1RoYQYWVsU9OySdE5ZtcoyyI%2F4R5c5qsiMHEl0Vu32zXHhlE0"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation-rules?url=www.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation"
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: MISS
x-hs-content-id: 123632260951
x-hs-hub-id: 1835778
x-hs-prerendered: Sat, 11 May 2024 19:33:53 GMT

Redirect headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
cf-ray: 884441dfbb8fab69-YYZ
content-security-policy: upgrade-insecure-requests
date: Wed, 15 May 2024 15:45:50 GMT
link: <https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation>; rel="canonical"
location: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VJGMy5pxjjd3e7GX4Dpa9NJmOYUFzMN8mcb%2FJuz%2BsFpUTGciCvzg1CdhJ4GSF0Og7DypXdzDNT4YCJD2NvZzhWk77AOo2yxxVNWtJzhwiwRn9%2BX%2BhRJcGV2Vudo1LMnu"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 29
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/event-tracking-td/envoy-proxy-544dd46489-6qn2q
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: efb19d65-c807-4563-852a-4be47e77f5b5
x-request-id: efb19d65-c807-4563-852a-4be47e77f5b5
x-robots-tag: none

GET
H3 404 speculation-rules
www.avanan.com/cdn-cgi/ 0
0 126ms
126ms Other
application/speculationrules+json 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.avanan.com/cdn-cgi/speculation-rules?url=www.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Origin: https://www.avanan.com
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DgfPDtl%2BNcBZlmzx07WD7sC2iz3mEHoioeFf2yK95UKW1hUAE65JJ6HeygwR8aglTGpIkvafDQE1cdW7mQEYiYH8nrHfV4T8jx65kSXpZIE%2FZ9B5NtMT3psFUgp67DuF"}],"group":"cf-nel","max_age":604800}
content-type: application/speculationrules+json
cf-ray: 884441e20e8dab69-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 15

GET
H3 200 project.js Show response
www.avanan.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 92ms
91ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 412b0215b557780a6efcc1651037dc90.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1387292
x-amz-cf-pop: YTO50-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pg6i06F6luFoYQqaz%2FmYPClCOEIPwyKtEwabuORvuugdSVBU8p7Y33QQzvBfShhAl8YgjfvidILAl08ROm4UwoRmlXIcjWwHWWNqBO3M4t4BoPxqLQTEYWew%2FeUfQIh4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 884441e20e90ab69-YYZ
x-amz-cf-id: safPrPRZFdSUbys4RwHrEUGkY8J3m3VFFFHxnMM9qkAHAKbn4G5ASw==
expires: Thu, 15 May 2025 15:45:50 GMT

GET
H3 200 post_listing_asset.js Show response
www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 3 KB
2 KB 108ms
108ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 b45dc877dacb6622decf2f047880d5ae.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1377531
x-amz-cf-pop: YTO50-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: nC1hzr07YsutChb9rCwKsMoiyxip8lR7
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"d95d7dafd49a1edc76a47120c287b579"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xcst3qYSW3U%2FJp9o19CrDnyz2EMfydEbMLk9w0lXpfHoB88dxtFWzpicVJwpEHSyAkFlfg1sGeZL5kCdJPi9VP7KbGiMoNxfd3lE5XMGfbCN7fSShG6MRTe2sXj53VWa"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 884441e20e91ab69-YYZ
x-amz-cf-id: WSb3Xx8cKikiBUwHTfSLwHlBzOOZrYNRBqPBVqo5SVy6odq-L16T3w==
expires: Thu, 15 May 2025 15:45:50 GMT

GET
H3 200 jquery-1.11.2.js Show response
www.avanan.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
35 KB 99ms
99ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 1093497011694314ff008667ee2636c0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1385111
x-amz-cf-pop: YTO50-P1
x-amz-version-id: null
content-encoding: br
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=foKKawyw5Eq0ewgEQn3CF1YI4YDoAIax7bf%2B3RAs2cjqyh%2FC3gmSGpK8MAZHUQ4GV%2F2MtMKoP8VroyXoGy3EPfnu0obi2xIT%2BRuz0LbcdjUlMyerY8ZlkxtilsMURPA9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 884441e20e92ab69-YYZ
x-amz-cf-id: xzbTupiXQaR3TNduUlJ1AzyPJlfpZlVI2oQt4d_q-j48SabDIeiNow==
expires: Thu, 15 May 2025 15:45:50 GMT

GET
H3 200 module_38920737000_header-NEW.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/38920737000/1712764265097/ 350 B
2 KB 98ms
96ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/38920737000/1712764265097/module_38920737000_header-NEW.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a28a88a058bb32f3fff988c31380f2392939d9c4d1bf38b32f531969a02a33de

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 3XW11AWTNNQETW91
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"d03acb35e50d52eba2de45e92772724e"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1712764265097
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 85fc1201a1918facbeb30836e7391660.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: PsoI7QHYJZpQy8LhltCdFHueF5t1.6cH
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 65ff498e-3c20-49ea-8ddf-e48da7a94866
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 162
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 5Tg57NoDTtNFC5BlKUEypoOOJHM1L21yKo/SknJar5UtyZeFWwPNA3IdQfLX1F6QnzeHiTd81B7c9fnFqKZo1zl48jF4b9G9
x-evy-trace-route-configuration: listener_https/all
x-request-id: 65ff498e-3c20-49ea-8ddf-e48da7a94866
last-modified: Wed, 10 Apr 2024 15:51:06 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=An2Ze9lcSLQzjC9rir4WrFBTLbRkO1K36M8vxPKnE1560Z%2FtYylrSx27wvcwq%2FULE4baqTrlc%2FByxyXNDJKNlzq%2FwBUAmNskX2RgAaj09nzHL7UquQ4we0bTXEe1HrW7"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 884441e20e99ab69-YYZ
timing-allow-origin: www.avanan.com
x-amz-cf-id: 282m1LFqL7Swa5jWAptBO9xp1T3H4TtcWk8xBDmwqYt-Znn1h3XbWg==

GET
H3 200 reset.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6067151804/1577975558437/Custom/jacob_redesign/css/ 760 B
2 KB 124ms
119ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6067151804/1577975558437/Custom/jacob_redesign/css/reset.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

97152508df33871d78e6d8595480ac6c5cf8f2feb1fc1ef7fd2ef7a0517810c7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: E2R0HKZXDVKVES04
x-evy-trace-route-service-name: envoyset-translator
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"dd216fc74c067413933b3c64bb975273"
vary: origin, Accept-Encoding
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 6bc1c280aeef9bbdeb102c7f4e4f773e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: adg6Tcxw8bHaHALCZHMiZcGnIuL6f9nZ
x-amz-cf-pop: IAD89-C1
x-hubspot-correlation-id: ceeecaef-fed2-40f7-a49b-fe016672cb49
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 175
alt-svc: h3=":443"; ma=86400
x-amz-id-2: WKUimgV+h/gimGbejQT7M6rGMSvoba4jMsNWO0zcilB1uHdiI6DM8BgnQ6FpSbbkkG6LLBu1Occ=
x-request-id: ceeecaef-fed2-40f7-a49b-fe016672cb49
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 02 Jan 2020 14:32:39 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VtWNCbg4QPZA753Ur71Tznx4xqLOItzqhhF9qbC1X8%2FBEK%2Brit4YiyF5MFyptisMel%2BQQbDlHfuJ12sS1hl4LkIGsvWzyonpYCmZqsAB1tboJq2JZhDdkeCZnzU%2F2Qvk"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials: false
cf-ray: 884441e21e9cab69-YYZ
timing-allow-origin: www.avanan.com
x-amz-cf-id: sXHZQFwyU_vnb_6JXe6mvh8ryjvGiSGVE6_EbPennsMuHUECyTNesw==

GET
H3 200 module_11124227288_updated_blog_body.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298028261/ 5 KB
3 KB 125ms
116ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298028261/module_11124227288_updated_blog_body.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3eb73cc89830d3824b5c588849b29a5d4bad5b71108ba60e17bad3e6276dd5f7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: E2R1P4H8YW5Y2BDT
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"34740dad57e89fd2749c7cdb3497cb09"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1683298028261
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 7fc4d53a17d950b206cd9fccf1108b8a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: HyZl6ue_xg82nZe3wq8kD7rN5WNVoPQi
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 94fc8511-f786-4ffa-a862-0ee11bece589
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 194
alt-svc: h3=":443"; ma=86400
x-amz-id-2: f8XE40G9dpuUrufMPL26p0+TOl9ajCIP8Ydz8n+MUNQTMeNS5/PQSlAD1OEWJfynG79UeHKeuw0=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 94fc8511-f786-4ffa-a862-0ee11bece589
last-modified: Fri, 05 May 2023 14:47:09 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uH0xOhFbmDii9yayU640MtEYxguD3tP8z4GX6MFyVNfju0FysDyZrreibn7edTGTls2edFA0cZp5miJJVZshsyhzGFzjtEGqzmZEUzLcc5DXzIARjURiXQU%2FavU4rZVV"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-ts7f8
access-control-allow-credentials: false
cf-ray: 884441e21ea2ab69-YYZ
timing-allow-origin: www.avanan.com
x-amz-cf-id: 1enidl8vbpZRg701PvE0934pNDP1TWwQAkHPUfwEdMWPOGV97I7sGw==

GET
H3 200 project.css
www.avanan.com/hs/hsstatic/BlogSocialSharingSupport/static-1.258/bundles/ 720 B
1004 B 99ms
89ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/BlogSocialSharingSupport/static-1.258/bundles/project.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 b17b94cbc6db5cb82e8f8d6e55e1e85a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1381544
x-amz-cf-pop: YTO50-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: 8ccI4weZqJTdCHtwNm3UqetXb_uUGb6Y
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 19 Mar 2024 20:21:22 GMT
server: cloudflare
etag: W/"a81c70764750950eb72d4537c41e781f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cYh84VuchfNmrBXcE0Hm6IA67R7kftmSLeZXYuDhB93O9jrRGGrTok7FMPXJ%2B2DQtjvcYlkeyuV91j3Vaag8xIqUT4g7jdxLkLirFgKY1KUvuaqOOHD%2BM0XgBUeKfJkT"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 884441e21ea9ab69-YYZ
x-amz-cf-id: _TKCQP04zmmQ6uIhzDU-rG_4c9yRPFV39MXyq_PwxzLj-96rjJwUwA==
expires: Thu, 15 May 2025 15:45:50 GMT

GET
H3 200 rss_post_listing.css
www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 910 B
979 B 93ms
83ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 6477e7b623b71ec66bc28ed8e271db7e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1377531
x-amz-cf-pop: YTO50-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"e1b521ec14a912d6d385c21388ec7d79"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HVeAenu01eSO08OSW8FPgi3bJhDr%2FjnRHINpXqtlyBlBUORvdIa7PKy4%2FzCZ8MjeLfAChL1QwqN2EWXMI0kREoqkvtz3mhj5rCr4C4Zu5UV0WxPvy8AZPExIvr9B2Gqo"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 884441e21eacab69-YYZ
x-amz-cf-id: yVmk5mBscTAM011qBgU7kiywsaqQIwmGgZ6mMQcOUBspc4N-8uazJg==
expires: Thu, 15 May 2025 15:45:50 GMT

GET
H3 200 module_10828758285_updated-blog-cta-banner.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828758285/1681233594853/ 43 B
1 KB 128ms
118ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828758285/1681233594853/module_10828758285_updated-blog-cta-banner.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c5109ab0fecc5ef21cc3eddf9e5e66741feb3c03a08c0c5d12a153bffe56a4d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-request-id: HV2A79H3MD4MPCQB
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: "5c9c72ede880a71bcb77cbc90d5183e2"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1681233594853
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 7a99ed3f39c18af8fe138a695e5f657c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ltjXTsnFD2W5CxxF4UctYebNy2UB5hTD
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: de8b1c65-a8b5-489a-b330-255fbf94a84f
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 171
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-id-2: C/z1gSVqY/scl4eYbfeD8VExTpl8/VbYMOOzqTHW2C5NSGyjO2ymgrr8qsWfPfN24K+yV8J1ze08vz4S/r92bV33JI03+tpVr9h9kHH9O2E=
x-evy-trace-route-configuration: listener_https/all
x-request-id: de8b1c65-a8b5-489a-b330-255fbf94a84f
last-modified: Tue, 11 Apr 2023 17:19:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eGcHVZsIbJTUp0%2BYFIOtpT0dV3dJ2HsBeBaDlQHnQ7AcWIxE%2FluE1qpaASqFsGQp%2BqMFxCMxTIF43QBpejLXhxCq0j2XaHIYwg1RqCDAxOocVyO8W5VoJJM9jSIV3mcP"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 884441e21eaeab69-YYZ
timing-allow-origin: www.avanan.com
x-amz-cf-id: oQ1a_FTYMk30GXtxmgLgFKGsOpW3UuuDYdX9V-KWiCTdzZ9tnRT83Q==

GET
H3 200 module_10828273430_updated-blog-footer.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828273430/1681233744378/ 1022 B
2 KB 128ms
119ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828273430/1681233744378/module_10828273430_updated-blog-footer.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a6284f5e68fe70bb17c9aecb532fdb513b37ec0096d21e9a7231fbcfeda6794

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: E2RFKPZGSAYEDS78
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"0db2aa71f1f3b6937b6f53dfa6ff0be5"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1681233744378
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 7a99ed3f39c18af8fe138a695e5f657c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: t.xmjVBLpB.BylnQD5kN_qjPsk0xLKEI
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 61dd0fe0-d531-457b-839b-3c4834dd3496
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 244
alt-svc: h3=":443"; ma=86400
x-amz-id-2: JsLIHPz6/roSWmLD4DbkSdoOGlJV7R+FOxg8/DscvnVuFk6KKgeWZZg0DqSMJEJXUkWUY44qxps=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 61dd0fe0-d531-457b-839b-3c4834dd3496
last-modified: Tue, 11 Apr 2023 17:22:25 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E92AcFkkokoYGHmI4uVd365FkgK2J746%2BiITNM17LQ4GL44jnO58o1kaL8XNvcNZMpNmOBOUL8zqHSH0XYnzoZcrh2snbp%2FdZ9l9kMMkJMQPsBhvGCnjszk4SXWirGWW"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
access-control-allow-credentials: false
cf-ray: 884441e21eafab69-YYZ
timing-allow-origin: www.avanan.com
x-amz-cf-id: g9iyPtnhAT1o_SjyCkyshaqL4QWljUfG2XIgiFoImL_Fz6tGi1Cq2A==

GET
H2 200 all.css
use.fontawesome.com/releases/v5.2.0/css/ 46 KB
10 KB 94ms
30ms Stylesheet
text/css 172.67.142.245
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.142.245 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Origin: https://www.avanan.com
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:45:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 684658
etag: W/"20a9ce516eaea76da29a23adc43e8998"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MPSYKPlc617fhAtdoqr14tO4SbGQD1XWCCudHXifPmQiovBaGGyaAlpWyopG3teUo5nXJe6b%2B68RDMBSKbjEuU3MuQG4AnM0qFptYS35zo4gBUXf7rvGRpK2Ll6giMn1YRjsXmIF"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 884441e27d3eac57-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 132ms
52ms Stylesheet
text/css 172.253.115.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f95.1e100.net

Software

ESF /

Resource Hash

1b5055f0e4f12757f77cb6a296d6dcf95a02784c987731892dcfa730d12dd0f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Wed, 15 May 2024 15:45:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 15 May 2024 15:45:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 May 2024 15:45:50 GMT

GET
H3 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/2.1.4/ 2 KB
1 KB 53ms
28ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.1.4/js.cookie.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3636e8810aa8b16828af450174251147977372f0201e77d464c719f110b0924f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 585596
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 767
last-modified: Mon, 04 May 2020 16:11:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec5-6c8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fDlH2uP2Q5K47R5HV%2BQXjawOyYRua7Dv79sdKweJPr5zpt5LwuM%2FjaDjdpFRPiQy%2FLGCyEZNg53vKrgf53d1MFnSRjB55P7CiZkypogcq4Er1RN%2FyPR2fRhnItAtC2OfZMCdxWZ3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 884441e23a7239cf-YYZ
expires: Mon, 05 May 2025 15:45:50 GMT

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 130ms
32ms Script
text/javascript 23.218.217.183
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.218.217.183 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-218-217-183.deploy.static.akamaitechnologies.com

Software

Play /

Resource Hash

39711d4f5497a9c5b6265ff9ba251549d0f44834c0eabeffdb044a79546f3e71

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV4
server: Play
x-li-pop: prod-lva1-x
x-cdn: AKAM
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lva1
cache-control: public, max-age=3600
x-li-proto: http/1.1
content-length: 163629
x-li-uuid: AAYYf5R/dJoylLi8cVDjtA==
expires: Wed, 15 May 2024 16:14:51 GMT

GET
H3 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1715363862403/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 65ms
38ms Stylesheet
text/css 104.18.88.62
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1715363862403/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.88.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 424024
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"fda5882b24ca5a84d04d090722dc713b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1715363863028
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: e3e21580-8322-4cdc-9abc-b9ff2ed18b1d
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 171
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: e3e21580-8322-4cdc-9abc-b9ff2ed18b1d
last-modified: Fri, 10 May 2024 17:57:44 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2js%2BhuijFRQeD4xqSJnZIeT9sXOzOhgsbr1wbv5pe46eGZceomWfL14Vog9NeGzNZpgDuNgeUQl1VkWoj88as9WMh31KQUTCPY%2FhMkEHahqfqUrlVnou9iQcUo0WOI%2Ba00Y%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6f9f79465b-4f62g
cf-ray: 884441e23a9eaaa1-YYZ
timing-allow-origin: cdn2.hubspot.net

GET
H3 200 gradient.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/ 120 KB
20 KB 309ms
302ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/gradient.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

08deb5fb8e8a49d3e598cab0f6c178154648cd6234894569a0987812b19475f3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: E2R45Y622J2SZC2W
x-evy-trace-route-service-name: envoyset-translator
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"336dca61498fc7140b09ba03ed7bf73f"
vary: origin, Accept-Encoding
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 5eb5e19c1a78889d10ff38f1551ed2aa.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Np0IHzSsaoWIRo2pA7QSOE6GTgUdVUIS
x-amz-cf-pop: IAD89-C1
x-hubspot-correlation-id: 3b4c3f34-aa70-44dd-93bd-7ae47ced0b4b
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 281
alt-svc: h3=":443"; ma=86400
x-amz-id-2: pp/SV7WAAce7NO4bDjvnGrgh5mFha5lprL/2Zdes2WPQxePlanSpbfc3wK94hYykxCeF/E55M00=
x-request-id: 3b4c3f34-aa70-44dd-93bd-7ae47ced0b4b
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 02 Jan 2020 14:32:40 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gDkZ5oE0pBGrOfyCFtvspJ4suqfdDzGz1IU0o8M0eOAq5H6mEpeSLhQ8%2BoHmfwW03xZFG%2BSXlBPAbcVow7Cb8%2Bj5bG2ZDfJeTGMBESxwx1yUuOBqJ88uP1%2F7DfM3gI6Z"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-ts7f8
access-control-allow-credentials: false
cf-ray: 884441e21eb0ab69-YYZ
timing-allow-origin: www.avanan.com
x-amz-cf-id: 9ONM-is2sZtFIDty_OLAovbc7QlClegCWDSxLKB2dWmLzwCjKKE5EQ==

GET
H3 200 template.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/ 193 KB
34 KB 109ms
102ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/template.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

92544ed57b172f513a507fe6d3e09d763bc23c413e47d110d8dc03ef896490dd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1980
x-amz-request-id: H6P12RND6B1FDEAY
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"c532cb73709fa483616feef093f4d595"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1693338323621
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 d1cde188ada6755fe03b8541b71fce4a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: V4U7qS8p16YQ5afAoV9tdACdkHL_IvNE
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 9d47971d-5905-4e23-830f-8caafc3e7777
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 241
alt-svc: h3=":443"; ma=86400
x-amz-id-2: MBDyN06avslZqM71zaYT5B195PGiMd1Y/iUZXFIb8YaDThoXQMG/9EPVhZreAk/Ly0UWWhhyDI4=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9d47971d-5905-4e23-830f-8caafc3e7777
last-modified: Tue, 29 Aug 2023 19:45:24 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PpYTGqgysP38xrULRbvs52dNOkKopucH44713PaKDyZCGdQG55oJ7hHuoR%2FmdRzLz0BEvfqM0YtdH%2Fveq6U76VRQJg9VIqFtITs%2BV%2B5alC4BUP8D%2BYjPGH0Y%2BXstxVU0"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 884441e21eb3ab69-YYZ
timing-allow-origin: www.avanan.com
x-amz-cf-id: I1tK5DhtSnN2gq2ACMu_BQPuZFVCBbLPSwIhDqAXDuFgNSSZMwdQPA==

GET
H3 200 animate.css
www.avanan.com/hubfs/website/code/css/vendor/ 76 KB
6 KB 127ms
120ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/vendor/animate.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8150a6e66442996f64560b128d0effe532ed5eabdf0a8c6176c8c4e8ed502e6f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 67dd4d73b80aece69a8e725c6d612b6e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555715886,FD-10555825155,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 65648
x-amz-cf-pop: YTO50-P2
x-amz-request-id: M92VFTKVET9DAA2Q
content-encoding: br
edge-cache-tag: F-10555715886,FD-10555825155,P-1835778,FLS-ALL
cache-tag: F-10555715886,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id: DNimaXPyQx0q8PYRQbkCSZdSE0X.bmnJ
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 8XrhpF7jOkNmwLih3/I0AFGDEZR2iL1mdOCIgjmkojPRlHAKSgOfbUp0EUH8wzr/yfwg+k1WC9aQrCXEUg6gAA==
last-modified: Tue, 18 Jun 2019 07:24:00 GMT
server: cloudflare
etag: W/"d96b2083b0acbb11911bb4f068158299"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0M5ljFz0FS08oepe6ultizOwLTLWFJ0WzUOW9PKc7KF0yq%2FGUpIGl%2FWks6cvOgRGi%2BPo8tcHHM1kfQdW1SvLHadcvGfGvX0xIjHOl4OjuBep0nSAmuO1%2B0LV1z%2FlqEdR"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 884441e21eb5ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: ohAWqwCYe3srVr13L5i_4YfxqCHg06AqJClgDzHJKrO5IcZQEwMJ_g==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 hs.megamenu.css
www.avanan.com/hubfs/website/code/css/vendor/ 4 KB
2 KB 127ms
121ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/vendor/hs.megamenu.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4eed62e19ef261a18dade30aac09258399bbead589a04d061bce834f0d5a2bcd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 777f4a7ed43b40353f84311869e119c8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555715922,FD-10555825155,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 65648
x-amz-cf-pop: YTO50-P2
x-amz-request-id: TA2E3V2DVQTD570H
content-encoding: br
edge-cache-tag: F-10555715922,FD-10555825155,P-1835778,FLS-ALL
cache-tag: F-10555715922,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id: xY1xlt9wqfq8h7_kClSamJ0VluM_5ZF9
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: WSo50o2m4i5qhloQAzNVpku3N6uFby/Sne5YNAbjrKoRkW898V6EpYMlGSqPegQ3yEp18qFAbXU=
last-modified: Tue, 18 Jun 2019 07:24:00 GMT
server: cloudflare
etag: W/"c46d4ef35d114216ae8c0fe4137c84d5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GQ0B3cvBuXLLEH%2BXItH4kfAFFc6Gv%2BO74MiIDfMmRT1pSG0OgVGRqd0s42zBNj6QVyC6F9djqN94RbzX0aLexTge5tiLi%2B08qK79q1xhWS2%2BskJpKf7rFsvxy1B4sPIk"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 884441e21eb9ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: Y7l_MIIFCnlrGBuN7EoaNpOrKkZgP0zJpU6memRYN7DE9OD8tDEXYA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 dzsparallaxer.css
www.avanan.com/hubfs/website/code/css/vendor/ 19 KB
5 KB 90ms
86ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/vendor/dzsparallaxer.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a62430c1506f9d9ecc0bca9ffa39a073d5148f07be4aa54ed4532f9650caf56a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 cdd327922be1fd75b18f2ae0982269cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555715948,FD-10555825155,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 65648
x-amz-cf-pop: YTO50-P2
x-amz-request-id: R3A9DBKE92XYHS39
content-encoding: br
edge-cache-tag: F-10555715948,FD-10555825155,P-1835778,FLS-ALL
cache-tag: F-10555715948,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id: OQfzSS0e1XiUHyu7fgd1SQC64WCGDBlx
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: EChEiaQjzDfY0NIzp7+wVfJuBP7I1yYm5B1vILF2DOIMUrdxIGA3k7wuhRNdoX6ueV6Nq0IMuho=
last-modified: Tue, 18 Jun 2019 07:24:00 GMT
server: cloudflare
etag: W/"319d193fcbeb97bbd3c83a72ee3dac65"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6v2mVqfCSj7aID8jh1qEY7uWCvAGvTu2%2BfiugtcvmGo9HvX6knTV6m%2BRBJ2f1kvQQ%2FA7hVFAqwd0voz9vAFJFYZeI%2FrQ6OT3y54k1hOGiNLhLM0dMPL4QXHT9qMcu34v"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 884441e21ebcab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: avZIbYkHhhlR4hpZRoubFor-5Cl6pGwuc3vdBuFw4XtuzxLQH0rQAg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 custombox.min.css
www.avanan.com/hubfs/website/code/css/vendor/ 41 KB
5 KB 92ms
88ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/vendor/custombox.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

deb3d40a52e939dc606cacea278753f149b56d19b6619994069659687e3a7728

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 cdd327922be1fd75b18f2ae0982269cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12524627747,FD-10555825155,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 65648
x-amz-cf-pop: YTO50-P2
x-amz-request-id: R3ABHXQVRZTRTTVV
content-encoding: br
edge-cache-tag: F-12524627747,FD-10555825155,P-1835778,FLS-ALL
cache-tag: F-12524627747,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id: 7rgoaYxL_.zq0Q9pSWvug18ufCSiqriy
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hn/eNjowK8iHAt5PrnA9HH1hCyDQCnVOW/h4lJ0dPo7PsCevVnoffKEjCsFDMQaum+7LEFIwy5E=
last-modified: Thu, 29 Aug 2019 14:21:43 GMT
server: cloudflare
etag: W/"3546f0274dff535bcf97625374c1c7cf"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wD9HXPhVkfeLFgLSHwoPpF92HXkQUCBGA7UQbIxJW4iIpY4Dti43B23aF2sFewwy1UrROIQwogNnuQmWemdAxPrdaG9VinSwmkLc6UvPaXR%2FjfVPlxU0pqxwTZ3M18ii"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 884441e21ebdab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: bdJeVwiuE0AGpCcOB-VxSrZ8mCzECikSEBMUr8GMfPlR0Fnw3m8vQw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 theme.css
www.avanan.com/hubfs/website/code/css/ 393 KB
55 KB 128ms
123ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/theme.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf53806c2a4cef2c89a8502411683c83162fe73859d7d24244259e7e793df68a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-12350310726,FD-10555529544,P-1835778,FLS-ALL
age: 65648
x-amz-request-id: R3AERGEYX3J4CGQN
x-amz-server-side-encryption: AES256
edge-cache-tag: F-12350310726,FD-10555529544,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"dd24981f95399e7f2d5674114004c268"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1566500436528
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 d03af248468c898a111754f0666c2316.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .VuZQK18yvpctq7eWnfEjZ9JXuCTwHN5
x-amz-cf-pop: YTO50-P2
x-cache: RefreshHit from cloudfront
cache-tag: F-12350310726,FD-10555529544,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ydh12tixP+gFnnUKZaK7IxIeIyyeVr3Ta/4LZ0FdHhiOcAZieh9xA+uKu7cl5z9H649iVTK0eX9VNBm7EeBiug==
last-modified: Tue, 29 Aug 2023 17:12:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2HRoulRu%2FdwPRlWgX0UUBp0Rgwksjnmwbvc%2BYFm8D9M%2BYy7EegeeI%2FPmU5gF6hF5m69VujUVWdpoleNVpVPgCoHFwMex7EQ3asr99viMwzwEhfTQ8K0tvd8Egb6GeVeG"}],"group":"cf-nel","max_age":604800}
cf-ray: 884441e21ebeab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: nXZt60pOiFR6NnNkR6JTqnHJEahDh9uMpF8V5iGsZ6rEyKDOL44Jmw==

GET
H3 200 header-slim.css
www.avanan.com/hubfs/website/code/css/components/ 84 KB
10 KB 138ms
134ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/components/header-slim.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f54ad99ac9b8bf0271cc6d19132826863aa3dc7077b4d5c586f99c46130efb30

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-29822257866,FD-10639271059,P-1835778,FLS-ALL
age: 65648
x-amz-request-id: TA2F5HHCXJVXS8K1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-29822257866,FD-10639271059,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"b144dc1e3369574aa43f95d44261c80b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1590586777336
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 e6bfe249d47d39a52673337cf444c9ce.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 42YSFG0lTWtnZ.W1lT05OT2Zcvw1os6c
x-amz-cf-pop: YTO50-P2
x-cache: RefreshHit from cloudfront
cache-tag: F-29822257866,FD-10639271059,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
x-amz-id-2: F4pfqhJUej227E0J/rYmMlfkDhccSX0i3BYFfpYb9g8b7dHsSB5+aC/MC1tDQDfxOIZ4JGTOns8trLgJAYE/bw==
last-modified: Fri, 08 Oct 2021 20:18:11 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3amIBD7cXUcX9Xx3Y2iPHvDVEQfB9I75aEarx0W5r%2Fbhv0NH7AEkzgdH93nYgHUP%2FXTfxgrRs9FlGCnXuN3MR6bCqzXimzNJe9m%2FIgpmmFao5YQyGTKwHkatC3Vk9Ly4"}],"group":"cf-nel","max_age":604800}
cf-ray: 884441e21ebfab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: wSp0vCC8njXFhB6kuLO4Z6_O9Jm24wc-vdYiEmetqY5eVO-eIOupUw==

GET
H2 200 css
fonts.googleapis.com/ 5 KB
597 B 126ms
53ms Stylesheet
text/css 172.253.115.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Cabin:400,500,600,700&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f95.1e100.net

Software

ESF /

Resource Hash

cab0bd7418905a8b7ac2510a8708b4bcb01af80459e20265582d4d96ae931c06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Wed, 15 May 2024 15:45:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 15 May 2024 15:45:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 May 2024 15:45:50 GMT

GET
H3 200 How-Safe-Are-Your-Emails-featured.png
www.avanan.com/hubfs/website/img/infographics/ 621 KB
622 KB 138ms
135ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/infographics/How-Safe-Are-Your-Emails-featured.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8deb475ac50713a43d3cf93fb2579f1badda5b9dee5704850b032f0f25564895

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-52270339845,FD-10949243896,P-1835778,FLS-ALL
age: 65648
x-amz-request-id: R3ABW0KV4EAR3E3N
x-amz-server-side-encryption: AES256
edge-cache-tag: F-52270339845,FD-10949243896,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="How-Safe-Are-Your-Emails-featured.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "c633bdada0f0b6b3a8ed9923b6fb540b"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1628160146967
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 fa19153a28b66c7bbfaddbf2e4a92f90.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .d7FqQt._o1Rnh6A1lokFj0_Ws48Edpl
x-amz-cf-pop: YTO50-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=866167
x-cache: RefreshHit from cloudfront
cache-tag: F-52270339845,FD-10949243896,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
content-length: 635542
x-amz-id-2: HxLHffdZFa20oh0hmmlSIcyLOg/7dfC8SQoinnZyOZzoaiDoMLjkZhjVByssfBi9UUh6aIx+JrE=
last-modified: Thu, 05 Aug 2021 10:42:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ylskbiV8Jl5VGWFrr309RyZg%2FFQzkyrH1yAhNk7KzWmvXlUfRgdzaB4%2Fxt6YDAWHEvgyNvEgls%2FW9CKVdvdJQCYSF6ZPCbbV4sWnhO722hNYKQqITpxBi4S4A0Y0xyix"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 884441e21ec0ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: u7GG0qdoYI23rfPV_fM-1WZNiH5V7D1jPYz4_SjbQaY-d2khQkbseg==

GET
H3 200 av-cp-logo.png
www.avanan.com/hubfs/website/img/nav/ 26 KB
28 KB 178ms
175ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/nav/av-cp-logo.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a87eea0ed4667d6241611511e68dce431477cbd9a06c9482b01323d6a0b972f9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-57079767617,FD-21136118110,P-1835778,FLS-ALL
age: 65648
x-amz-request-id: TA216DHZ1FBZF8AT
x-amz-server-side-encryption: AES256
edge-cache-tag: F-57079767617,FD-21136118110,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="av-cp-logo.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "54f8e06ea392f631745f18834b4f75fc"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1633720390182
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 53d47b61433f6e1682b806fc166731be.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ihC_xVZudFnTMh6T1X7C3_Yl8xLb15Oa
x-amz-cf-pop: YTO50-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=45855
x-cache: RefreshHit from cloudfront
cache-tag: F-57079767617,FD-21136118110,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
content-length: 27014
x-amz-id-2: MrKfsd0qwMTr0S9eP12m089Hz2GlSGZE3abV0OPv24I73cJY2OwPqt7b4XGLwAj28JfFsT0h6tZpACmFjRT8ZTut8rg+sLZVS9blGDgfssY=
last-modified: Fri, 08 Oct 2021 19:13:11 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bUQ5h1g6HPZB53rJUSMiaYR1FQGTEWtoD2pc6e3A0Hvtey79ooahLGycm0Tz9Sg1FyyIExreJwlR7yeP%2FrJ0wDWmwlBAju%2FZJtROoZlr2QRbdEdyoQnNlOntsTRGEfIC"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 884441e21ec1ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: qppP8dox3f8DLPivSK4nGBeAjwUsZqxEM0PpZVYBMJTsXfsJSdaYEg==

GET
H3 200 documentation.png
www.avanan.com/hubfs/website/img/nav/ 3 KB
4 KB 253ms
252ms Image
image/png 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/nav/documentation.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea2f518f11ff45604fad154b83f97feed748ccb0bf3ea084024685b2e2846355

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 1f0f1388abc5c7a2f1935aa322216120.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-21241301263,FD-21136118110,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YUL62-P2
x-amz-request-id: ZN1YBN87FNM2TFD6
x-amz-version-id: V87Vzt5MSqkUDoZ5asBko88rN0wJ5iGd
edge-cache-tag: F-21241301263,FD-21136118110,P-1835778,FLS-ALL
cache-tag: F-21241301263,FD-21136118110,P-1835778,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 3416
x-amz-id-2: 451FZuX3IXe3/3qPUlR86n+kekpPH0HrjVmq6RxcXeCRAbRb0lT9KRRkCTNu6H7m+Ib6FlJK1k47LKjy5/QpuQ==
last-modified: Thu, 14 Nov 2019 20:20:22 GMT
server: cloudflare
etag: "f4d503cd55e042264b3bbd74f58ac560"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=78D9gne2oRkyj3ne2dCkfAKA6X2qlRhoFeVgkkoOIgS5b%2BGJLyJLk55gWNDQLzrKtlGQLc2CJeCdimRBsYFi8q%2BY5Ewsr7vNsnjpgycCwh8WnP4JGCgv%2FtAv6335UW1A"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 884441e33872ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: UzmQ0EmEDOlNrT8tRojfqU_xKcymJQCDp-sjq3KQOjlWK7ZnQF4aWQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 open-ticket.png
www.avanan.com/hubfs/website/img/nav/ 3 KB
4 KB 265ms
264ms Image
image/png 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/nav/open-ticket.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d49ca90e19dcd3e070c90b7da3e1cbf7117383e512e4fe80d5f7cfa412b77c83

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 24c2a7b3c7e677d544aa5e2a7eb85b4e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-21241291417,FD-21136118110,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YUL62-P2
x-amz-request-id: F5S9ZF685NMX2C5Z
x-amz-version-id: 0c9cY9eUX.md23IeRyXXqhmeaLhfDOS6
edge-cache-tag: F-21241291417,FD-21136118110,P-1835778,FLS-ALL
cache-tag: F-21241291417,FD-21136118110,P-1835778,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 3180
x-amz-id-2: 12g2YpmVMzofCW+IAGfDjw6uEyQy2zWDztPG/DgwRKNuSPuizoa9hh1SExSuub6CMCmMf0Jxxpo=
last-modified: Thu, 14 Nov 2019 20:20:22 GMT
server: cloudflare
etag: "9034a241fdd02e0d9dc532075852965e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1ovP2XGKZaPoxFyj3VhugrcPL9SBwjKxa%2BGd3Fk%2BuvvWQWv%2BUNxP8zhbbxY3xJpFCQgToTI0P9Y2j8pkH8XFbF4MuxuQJVvUggNwLpIs207BTEnD1I7%2F7l10WrEc99MR"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 884441e35899ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: kEh5Oa36OOtF9gihkS5d7drrpEp0Oewf0U5RN6eG4jicxaPrCLV2-g==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 jeremy_fuchs-1.png
www.avanan.com/hubfs/website/img/people/ 1009 KB
1011 KB 83ms
81ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/people/jeremy_fuchs-1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c31f9221454873de9c5bc222c2b5c97f216d3b21b0a3589f77f49fbcacf4a0d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-27817468088,FD-26510702723,P-1835778,FLS-ALL
age: 47902
x-amz-request-id: 984V18DVRK4JDNG4
x-amz-server-side-encryption: AES256
edge-cache-tag: F-27817468088,FD-26510702723,P-1835778,FLS-ALL
content-disposition: inline; filename="jeremy_fuchs-1.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "f708d6febff5bc6d07172bd7465dd726"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 7d7c52d1848969f2077d9502aa06f40e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: nQ.kuHwFXuupsUc1qfCvxdS2PMk7c1js
x-amz-cf-pop: YUL62-P2
cf-polished: origFmt=png, origSize=1632605
x-cache: RefreshHit from cloudfront
cache-tag: F-27817468088,FD-26510702723,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 1033412
x-amz-id-2: ZVtZNbtmB656NjQCKXFDLuAxwTJmSbODK8AazamvgSJPEggKiC4x8iL2hIqbEbj9vfssMjZB/uA=
last-modified: Tue, 31 Mar 2020 14:03:42 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wUGt3jAKRl8qJzYd1ydxWzByN%2FzJT6vFrbWMNWOVJcDm7PdhIqCKxtHcojpg9sZW8ywsFxSvhyCz%2B%2BEC7QaMiSAq1zoOBHqE3qVZ9%2BEufxdjQ0KK9ZGgGwhSQ1l%2BJGZK"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 884441e3a90bab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: ylqVUlb3f--JyE7kaUUxaOy2rqTVsjfHNU_AqqNbkn0Pyn9nytxASA==

GET
H3 200 teams%20attack.png
www.avanan.com/hubfs/website/img/blog/featured/ 54 KB
55 KB 333ms
324ms Image
image/png 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/teams%20attack.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbcdfdd67e7238d3ee51721fb9ed7c8b49b3dd7c40e065df51f6cfcb87229aa6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-65995169907,FD-11279853394,P-1835778,FLS-ALL
x-amz-request-id: HMR2QEK1BWP82WP9
x-amz-server-side-encryption: AES256
edge-cache-tag: F-65995169907,FD-11279853394,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "a4e48a95ad861091386edca5c62f7763"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1644521573441
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 4698560343897987b5ef826f71e0fcb0.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: L4v3ibhK.gWWDWg4y_JJ8Fcj9569dDqk
x-amz-cf-pop: YUL62-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-65995169907,FD-11279853394,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
content-length: 54964
x-amz-id-2: rEYRF9P97VZ9EqBIWPYN93FtTKS4JfFRym+URiwrKsUkAA/V70HpRaqUIbjDxR1Z8lvS1Ixw0s8=
last-modified: Thu, 10 Feb 2022 19:33:01 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jOl1oKUNi9oeuBCi0Z%2BkBKF5u9VxCCTpLL4qcbgxbjiK%2FJgR%2FFZ%2BhoXvlAOHm1mAUWTLYXc5I8GN5Gpi8HVUQQjkybKHp2cZKg35zVOCAm8llHwZ1dUcYcaVfJQF%2BQ51"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 884441e3b939ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: uJZ0NpzUpxh16po4Fynx2tGJRChjaEgRi6ZBXKxLaCdndFZkw6_yzQ==

GET
H3 200 Featured%20Images%20-%202023-06-22T113158.719.png
www.avanan.com/hubfs/ 33 KB
35 KB 232ms
224ms Image
image/png 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/Featured%20Images%20-%202023-06-22T113158.719.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9118d0e3bfe5dad7fe02af6c3d290ca33a55e1e6bf41e0b529dd6bd2209f5b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-121869329843,P-1835778,FLS-ALL
x-amz-request-id: Y18Q9YTSVPKKKQT9
x-amz-server-side-encryption: AES256
edge-cache-tag: F-121869329843,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "e0a76e6573ae7bef783781d20348af83"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1687447930945
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 275c32bc50366db37e8c3324dfc942a6.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: PpaCcGk5hyyqCkW6Yo46A4H_kuo_5U36
x-amz-cf-pop: YUL62-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-121869329843,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 34120
x-amz-id-2: f4qGHLlxsNTfdkI2L5LVtNWXeu50I0EX8oSNrcoYDOvrw+nZUPYeBNSBZAM3bs7M9Hs7bnluKGA=
last-modified: Thu, 22 Jun 2023 15:32:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zHy0AUmINGb9isZAEEkMk9hvahN4fDQR0QwLydD2g2dAaJqL9W21h2LPVm%2FWpozFOrkZuAg%2BOsmAR%2BVKrCpzrJbhR%2BV6%2ByGlg9pkLZ%2B3y3djN9H%2FU0lPbjn79vCswIQp"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 884441e3b93bab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: lfvN7yo_ke417hN6V_zrxxAOwI8wSfntEWrwMLjz0DCVBGWMXdGTZA==

GET
H2 200 c953fa87-efa0-494e-9947-98ffe764fcd8.png
no-cache.hubspot.com/cta/default/1835778/ 1 KB
2 KB 141ms
89ms Image
image/png 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1835778/c953fa87-efa0-494e-9947-98ffe764fcd8.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf6f2ddd3a93cfc831316931e733e85bfa4d344c33398e6c32115761bec7ba69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
x-amz-version-id: null
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: FC0HXRMW4K441BME
x-amz-server-side-encryption: AES256
content-length: 1111
x-amz-id-2: MzfK9lZ5d76WsiICvu8RX3qEavSfeTwq7jxX9kS9pmWJVRRM582O1E0M2rhT+LaEkfIlxJcIj3I=
last-modified: Fri, 24 Jul 2020 18:46:48 GMT
server: cloudflare
etag: "af14e3eef5578014fe49b0f4a662ac5c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OP%2B5Xc7hdvX5UBqfQfBLoa7OUmVGvOo%2F%2B58ZkKKcOAZbinBg%2BGejl46Kfej8ctSAz1ZgVo27NmLALtuau8FTxvsabEBt%2Fm%2B4pgxbwAzJz3FfjYszGcjGZ5mnaN4ukJwd4yfEaQOv"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 884441e40b5e36c2-YYZ

GET
H2 200 current.js Show response
js.hscta.net/cta/ 18 KB
7 KB 95ms
33ms Script
application/javascript 104.17.37.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscta.net/cta/current.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.37.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99638cf918a36ae5912b6e521489ec6f3c8cb82e2e21e2f43941b86f8b223aa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
age: 537
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.292/bundles/current.js&cfRay=884434c508f739f2-YYZ
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"6d8dd07e8368ff52cc7dcb421189093b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.292/bundles/current.js
date: Wed, 15 May 2024 15:45:50 GMT
x-amz-version-id: 6dYEpr.GOIl1ONbJkQvzy0C6ZtehNCz3
via: 1.1 ea42f57e1e0a065bc1c1c637f97d3be4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD61-P1
x-hubspot-correlation-id: 7737618f-3e0b-4e3f-8367-b7014845ab2f
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
x-evy-trace-route-configuration: listener_https/all
x-request-id: 7737618f-3e0b-4e3f-8367-b7014845ab2f
last-modified: Thu, 09 May 2024 14:05:37 UTC
server: cloudflare
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-9c6mc
cf-ray: 884441e408f3546d-YYZ
x-amz-cf-id: sjMcnLDkxSLzgDEmQ-8reqlJFdZJwetILaGG_oKkJjPOGmjraYQmWw==

GET
H2 200 widget.js Show response
www.gartner.com/reviews/public/Widget/js/ 9 KB
3 KB 92ms
30ms Script
application/javascript 172.64.153.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/reviews/public/Widget/js/widget.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.35 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 867cdc7355d82d6fb8019a89043be06c9e565f14f2775f849b69cb1e5f4feb2a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
content-encoding: br
cf-cache-status: HIT
age: 1779918
x-powered-by: Express
x-envoy-upstream-service-time: 4
server-timing: dtSInfo;desc="0", dtRpid;desc="-1089075981"
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 17 Apr 2024 11:07:58 GMT
server: cloudflare
etag: W/"2448-18eebbdf2b0"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
cf-ray: 884441e40d2336bf-YYZ

GET
H3 200 av-cp-logo-wht.png
www.avanan.com/hubfs/website/img/nav/ 26 KB
28 KB 201ms
194ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/nav/av-cp-logo-wht.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe5f4af17be162aaf3e1dadbc08fe06e678c87620a221b3fef8e2ca7a779986d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-58090235831,FD-21136118110,P-1835778,FLS-ALL
age: 65648
x-amz-request-id: R3A52SY0TTJ8EGG2
x-amz-server-side-encryption: AES256
edge-cache-tag: F-58090235831,FD-21136118110,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="av-cp-logo-wht.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "6b25c756c0ec059c8b971ac07c1a44e2"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1634845767354
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 53d47b61433f6e1682b806fc166731be.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: r2zJbm9CEK3FOJ9Q8VqLC35kT_FW.6aY
x-amz-cf-pop: YTO50-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=46170
x-cache: RefreshHit from cloudfront
cache-tag: F-58090235831,FD-21136118110,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
content-length: 27120
x-amz-id-2: iqjeOAoImqP+WnRxAwLeI8Gst+G8Vm62peFsGROSlX4UsMjnNiVkwnWV8DBE3E/59Rq89bQUrsM=
last-modified: Thu, 21 Oct 2021 19:49:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VxFZO2b1SXkJpYJveC6X8xaBvwnF5jftfIPqF1w5kN9%2F3OrIZm%2FoJNTbiQFSPFwrU1W%2FjEayAHQ%2FrfNFZXAqClJ4e8B2eB6vB47Eq6lSOTJrQt81vc%2B1cOmElfsC5rQR"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 884441e3b93eab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: ZVuHh1j6YAvJ4lFi2LO-Z5BrQVH8h82xf_FTG_KTFf9v7h17j_mXtg==

GET
H3 200 soc-2-cert.png
www.avanan.com/hubfs/website/img/icons/ 43 KB
44 KB 278ms
271ms Image
image/png 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/icons/soc-2-cert.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

135605a67753022e50323925dccf6f75cba6b768d849ad04767bcb24cd453037

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 bccdd9eb44a87c0c46b5374545a79a04.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-24177175536,FD-10543955849,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YUL62-P2
x-amz-request-id: FC0YMK7CZS3TQE96
x-amz-version-id: ENN2NKV.l.gZzdTLCJgVyrfErf7Uu3mK
edge-cache-tag: F-24177175536,FD-10543955849,P-1835778,FLS-ALL
cache-tag: F-24177175536,FD-10543955849,P-1835778,FLS-ALL
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 44339
x-amz-id-2: 4ck8vXK9WT47gtKuznPTGqKpCr1jOL/hfKD52fwnwGEbdRzCep2TGlG9ECuTmEN5ZzKLUz3mSaKksPFAeV08Y7ohvk5kDE39zdiKKKRvSDU=
last-modified: Wed, 08 Jan 2020 19:24:41 GMT
server: cloudflare
etag: "2242d63f47a733e65cdebd6f3be3a08a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1vpYJrpKYS7WFxu3h5uri2HZSfdW%2BgYPYvkbxLf9nu5tMcCdq3iE7mRgcrJB3Fkk0DvMoNrFituam5J90YGmKBnGC9fruIgUKOXSKhfVBMPMuvh5o6r8YRmeU7esqUVB"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 884441e3b93fab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: KTtTR3zSuWOQqKPCkdUDm7rjW9_v2qhJIND5B8FOQ5EvaW6PWQ_cAQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.840/ 13 KB
6 KB 106ms
51ms Script
application/javascript 104.17.176.91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.840/embed.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.176.91 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ee5c21fba72db5037f82a272693e5db4bb73ab1059a340dcffc9bee28f670c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
x-amz-version-id: e_mEpsTIjne7IZWFj8MkYDmouI7jSgMC
via: 1.1 4076c9a26c97a2e765053f508fa5d748.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: YTO50-P1
age: 1378366
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 01 Apr 2024 16:01:41 GMT
server: cloudflare
etag: W/"3a4474324e070674ecd017b9d44b9c99"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UNwyD%2BToXmnRw%2F7rqh1SKZLIisXv9zXJXli%2B88qjhWS5%2Fl1kJ0gS5FT3tzDthPR2FjjHB22UVuGOcs7eMsbsWTM%2FXzH2sKzceSbspGdbwEaWI452ZSv2SoE5aWGUYyfRPF9mwQRJL54%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 884441e40a73387e-YYZ
x-amz-cf-id: Rso1COoeckSczrQiFpXvUJ1vXI7_YfCXdnCHnInGxGjkqOKTCL8y8Q==
expires: Thu, 15 May 2025 15:45:50 GMT

GET
H3 200 jquery.js Show response
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6476923280/1577975561851/Custom/jacob_redesign/js/ 142 KB
38 KB 182ms
178ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6476923280/1577975561851/Custom/jacob_redesign/js/jquery.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

057d87ec0edbdb5fe7d60d32da4c3abfe1dc2e6a0aacd6543a5e9dabb7bbd21b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: VNNADG0MXT2A9N1G
x-evy-trace-route-service-name: envoyset-translator
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"58abfaae2dedf59326b2ea681f828a06"
vary: origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 9b097dfab92228268a37145aac5629c0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ebM6Jbr9unIlIJHsCtn.BkHxdP32W5Tn
x-amz-cf-pop: IAD89-C1
x-hubspot-correlation-id: ca9ef646-1568-4eba-8a43-73546637abc0
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 228
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Gl7in9UUjfbgpFcMPkKZ1eIhVmYW/w82brSe0tkZW/aVDp3U3c1EF1RH4NkypsEze8Ory7db4G4=
x-request-id: ca9ef646-1568-4eba-8a43-73546637abc0
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 02 Jan 2020 14:32:42 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D2mGStaqgXVcwS3JoDTIbxI4tYJctSxyb7CqHImxky7%2Bm6Iw3FtBLR%2BTaam2y6%2BZRrECt5IVSKen5cpHFBqU52OJj6GxKm6H%2BpNHl0Tq67TRxKMj563Rnl97rKWl4O2t"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 884441e3a911ab69-YYZ
timing-allow-origin: www.avanan.com
x-amz-cf-id: NUyTdCl80KPPIqA2tSxjFnv-C7FpeqYobYxFapO2PkRVrjgblrNShA==

GET
H3 200 bootstrap.js Show response
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073918834/1577975558617/Custom/jacob_redesign/js/ 112 KB
22 KB 185ms
180ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073918834/1577975558617/Custom/jacob_redesign/js/bootstrap.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

71577fb46a22fa031506bab9c5ddb4640e38ef10a1b4959a11288b41ce4b0757

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: HV220ER7B65G4CVS
x-evy-trace-route-service-name: envoyset-translator
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"d810a38ca2781735a27cba0625a027db"
vary: origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 f9efe5e72b7e5cc47bf34a0b0debcbe2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 3IDp6mXhqSOlZQ4n6QKdC4Peyv0EBjJp
x-amz-cf-pop: IAD89-C1
x-hubspot-correlation-id: e9db8a52-b5fe-473e-82be-85fc2f98ba0b
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 167
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 375Gp9wMdUYYXZMNlNAAYTjEWpcZc66zGBoyoxnScDl1G3IX4HQaHEu1KmOJ6BTpDeAnQlcW6to=
x-request-id: e9db8a52-b5fe-473e-82be-85fc2f98ba0b
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 02 Jan 2020 14:32:39 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=chIzEk%2BMFal8vexVw3SZXrR7QZhYuTmvGU%2FtFbL%2BPkjBP7R0v0ZmZhL%2FCCf710dJ8ox8PRU%2BHRgZkUHgfkXoeCDRVpeNu2x%2Fco80fbpPnXTGWyrdAAQ0DvwwBQly4G%2BC"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 884441e3a917ab69-YYZ
timing-allow-origin: www.avanan.com
x-amz-cf-id: UEnT9x4CK8DjxQr4ZUx9K76myVfhJ2rBZJrGgc5hcmE3WG74R3lnnA==

GET
H3 200 plugins.js Show response
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6084513730/1577975558722/Custom/jacob_redesign/js/ 508 KB
119 KB 186ms
179ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6084513730/1577975558722/Custom/jacob_redesign/js/plugins.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a82df3611c2166b9b9e824830c57bc09ef40860b9dc83fb2897b9a2a3ab0b98

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 3TRAWDRWN5V694BF
x-evy-trace-route-service-name: envoyset-translator
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"c612fe430751a00bb8750c6601520596"
vary: origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 7fqlaiSrobvA_myCcLItYFNxElIoA1r6
x-amz-cf-pop: IAD89-C1
x-hubspot-correlation-id: 5420143b-5bde-41c8-99d3-f79dee14bb3b
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 159
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hFf7WIzBEJSGGDppK7hFNEvgf243PKLiQodVHKWFvLoJ6vKBgjeFNxtxpwiEZ5dxye03EW6aeaY=
x-request-id: 5420143b-5bde-41c8-99d3-f79dee14bb3b
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 02 Jan 2020 14:32:39 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kDFg08EwWg9cjBgdn0nInRnimnEPcXE1Ricxj1OSmnx8kuB%2B2Vt97wj4KDEJ5w31uapwyIKuKP6gKf9IQ4doLbek%2Fd7050snDZDe7lKK924QZNJCDic1WidnzAvCnd47"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
access-control-allow-credentials: false
cf-ray: 884441e3b91dab69-YYZ
timing-allow-origin: www.avanan.com
x-amz-cf-id: TyH3-JKDBk6lPNQKCv27XVV9OUAQGi1c9w37fuXK00QcM9KPj-pgHQ==

GET
H3 200 module_11124227288_updated_blog_body.min.js Show response
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298027233/ 244 B
2 KB 197ms
188ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298027233/module_11124227288_updated_blog_body.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b057f4707a4e3bbf69647a669ebc4dbf35a9b5b25864b5fc63162e71f58621c8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: FAQ7J3C7B12Z1RF1
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"cf3f93254ba12a90654162233cedfbcf"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1683298027233
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 a251e31740a6e166e8fdccf296c41644.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 2vRBYqYBKn.Un2cVRgM_9kk_TDebYnrs
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: a0b319e5-6204-48e1-bfc7-b204b3459cc2
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 186
alt-svc: h3=":443"; ma=86400
x-amz-id-2: dJYMfdWTUpon40U7fEy7eX2FfmwrxtUiA28MGQq/HKj4C3rziMCLSVLwve0xTXNbaCrNL6bhJrs=
x-evy-trace-route-configuration: listener_https/all
x-request-id: a0b319e5-6204-48e1-bfc7-b204b3459cc2
last-modified: Fri, 05 May 2023 14:47:08 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AGDpSj6UXyj5b5ey%2BFZOkx599dRtwTwKrROqeirTEglVk77gMRBgQE%2BhcfgsEHursPQpAjviauiSdcKihtTwdniudiyh%2FQJq15OSBlMS07tTeykVE8UdzCKvl6LZ66Df"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
access-control-allow-credentials: false
cf-ray: 884441e3b924ab69-YYZ
timing-allow-origin: www.avanan.com
x-amz-cf-id: _cKk1ckOSA5jAjDUVcXE5k0jCd9Kj_KyQ5NpI9N6gwcib3SA_mlKgA==

GET
H3 200 1835778.js Show response
www.avanan.com/hs/scriptloader/ 2 KB
1 KB 200ms
194ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/scriptloader/1835778.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c23897aca0e8b6872a55fe59a195c071b5190411702dfb48ac2604f8bec31ed4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8377dc14-c1d2-41ac-9d9d-131df941fc33
content-encoding: br
x-envoy-upstream-service-time: 27
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8377dc14-c1d2-41ac-9d9d-131df941fc33
last-modified: Wed, 15 May 2024 14:23:37 GMT
server: cloudflare
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.avanan.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-dxdpc
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jQQ7etMR8ZRpiPD%2Bl2TlVbxxqDcjyp2yGw3%2FaLq%2FiRyB3tRmQ%2F0l%2FVveJ6vFTwiHgv1NS0Sjrd%2FPccHx9i2Ui3zfvviqvjcLAFmIJhigLDtdmU0jwKv0vEIve7OQHX3%2B"}],"group":"cf-nel","max_age":604800}
cf-ray: 884441e3b940ab69-YYZ
expires: Wed, 15 May 2024 15:47:20 GMT

GET
H3 200 index.js Show response
www.avanan.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/ 12 KB
5 KB 200ms
194ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 792fd72f7da1e5732d6b6173dea66aa8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1387292
x-amz-cf-pop: YTO50-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: 1rlxLpliQ7bEVIEMqiesE48_Sx9RmqkP
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 20 Mar 2024 15:59:57 GMT
server: cloudflare
etag: W/"5885ac5129ee80f8b7e1e228e142587d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fOfik0n%2BIlqq7MxEC7vlCh3L3coHn8RpX7GRDgR5p5qmb6ugB6U3vNX6MWS00LKGo1JMcF8fCG5%2F5Ry9akR71NGmxjIHFN8dMHWSJxSDfktmjxNM2YNJuzg1NKESF6oT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 884441e3b942ab69-YYZ
x-amz-cf-id: YXSEFa8drGo4Th49KIyq5foQAPIW4nhL-uge6LbuZtkzGKjU4mDe6Q==
expires: Thu, 15 May 2025 15:45:50 GMT

GET
H3 200 popper.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 80 KB
23 KB 198ms
188ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/popper.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

94b9164549fba805d07a371447577e77ca7d335fb19f9eaf978209851969cf08

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 39d0b6c3836d173e719889fc86d67ce8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-11719670560,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 65648
x-amz-cf-pop: YTO50-P2
x-amz-request-id: G4B7Q3YWN2G8156Q
content-encoding: br
edge-cache-tag: F-11719670560,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-11719670560,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: OME08B.rG6TRAJ7DDfxDoqg2ImFXjByx
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: sGPf68PHsdBdGKg6oZ/K506IksM/YWzA1nlQ0iWc0Q7SHekGXPN/xJS1w5yONWI73rOI+atHspsfc5asrn3GAQ==
last-modified: Tue, 30 Jul 2019 21:08:51 GMT
server: cloudflare
etag: W/"18977fcc54cc90302580895825f739ec"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ozGtaauZgqgsK5sAJ4CMfLCLB715pO4sh2ifzzn%2F4ZyV00CH8gu9Bzm4TZODrB39C5XBaz8T%2FNWk0BRNUKFj7N3bafIFecVuueBRv4rR7HF2a3ZylnigVEUwSuksw5WP"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 884441e3b927ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 5XrOIFEf4iRbkLLvLIw95cPlncZYCA5IKo7hH8DAUDwHMpeM_rBOsQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 jquery-migrate.js Show response
www.avanan.com/hubfs/website/code/js/ 17 KB
7 KB 198ms
188ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/jquery-migrate.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

56f9c5f99829774d0b2fbdcfd9750b617127e913afa0569afef6dfa22165659e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 019b4503d2ffede0ae900992ff140770.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555716746,FD-10555648234,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 65648
x-amz-cf-pop: YTO50-P2
x-amz-request-id: R3A4XR4G047RHQZY
content-encoding: br
edge-cache-tag: F-10555716746,FD-10555648234,P-1835778,FLS-ALL
cache-tag: F-10555716746,FD-10555648234,P-1835778,FLS-ALL
x-amz-version-id: O.IWEvWv.S2HIJh2gVb3UjxcZN2zO5t0
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: WRNroKyrUIRRG+xosUjV+veHVXr16DGkDK9snWNW+2rds7QjIsrBBJy5J7QOhwpmS3xDHlfbRhA=
last-modified: Tue, 18 Jun 2019 07:39:43 GMT
server: cloudflare
etag: W/"e16bb3f1cf4b40a9e4de0cf7d4950cb3"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uOKbG5z04mt8lCTh7jpab0MTIVwHy0lyLJyzbejTSKrg99JsJptX4ZUNIX1BsKoWXD7hW%2FnOB%2BXqywKK6BMEQbF5h84ZhMdNPqlzcgjdnsOK9TpPu1tJLpnwIyrs%2B5rA"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 884441e3b92aab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: BbOcJsnL1Mf7fccsHV5WuwlgGgqrs-YH6t_EVT02WqTRGmzWhE2bXQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 hs.megamenu.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 22 KB
6 KB 198ms
189ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.megamenu.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3640c9e176b212640e5d1ba0e522d80ebe382b5a18fc55ae4f7be28d1b138be

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 bc9d715161855640c4738aa7390d934e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555716444,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 65648
x-amz-cf-pop: YTO50-P2
x-amz-request-id: R3AC4RWHDE9SMEJ2
content-encoding: br
edge-cache-tag: F-10555716444,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-10555716444,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: Tr8ZpL3KcSID6jBFr2cCd_jZ2gEqr8QS
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: iWY0bp804EE6kW5lJn9+IEON0TSjdWR/DlO1/FV2HZ+1jAR/xTN/Z6Mkh2LcC9EIgoKmaLFApQSK3KkkQ5w03w==
last-modified: Tue, 18 Jun 2019 07:33:15 GMT
server: cloudflare
etag: W/"26676e58c4eb0c77a8d2c99b4bd1ad43"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MG%2BEnfQdZgQgyh8HxqEhBcIbLhb9wDjqaSHP05dOxvWAKEvPo6KtB0HLAwC31p2ONr1%2F3Mnza8eHR49craVWialrj%2FRubRNz0M4JqeaHvmA4DvXiCEilWJrKxhpnyNGG"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 884441e3b92bab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 7aefLizZNFaEuSj4cZG5G_f9ijVMnSgiwjfO-z3LvGWquTbvZZe7HQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 custombox.min.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 15 KB
5 KB 199ms
189ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/custombox.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd0af87d02bf88046acaf36141538c4852763b37b99ad5ea41ab6b07829818f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 fdbf0bf4022c61868d8dad6b7d72a71a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12524627223,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 65648
x-amz-cf-pop: YTO50-P2
x-amz-request-id: R3ACEEYQ6W635Z38
content-encoding: br
edge-cache-tag: F-12524627223,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-12524627223,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: Tm64yWHx4y9EpRwZ0oVdBIU91wzQQVgx
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: uO3JXOG2d0/4YpLcrMtY0fdz8EzLoWRDSkIFpm0Wwoy6XQpQ9qYnwy9AsjUNln+4kkrdttWx4RI=
last-modified: Thu, 29 Aug 2019 14:19:27 GMT
server: cloudflare
etag: W/"a99f3446cf6471542e7b5103c1e0ad26"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8yBXlhYoiuB3uokc6oRTKtAJReVenxMrgVV3vSSh4lZmV2JLKL4ttgyC4WZ4bEct6abQpuMK20zdNU9ikuSDRHTJNiM%2BsWv96ll%2FpCY4zjLu5BmU66H0EyiNDSRyt1Qi"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 884441e3b92dab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: cuPSE2_LlqnB47BLwkyxdJG-6nRpDTPNRyetHfsoJXf7cxPdvScaZw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 custombox.legacy.min.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 102 KB
36 KB 200ms
190ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/custombox.legacy.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b4c6df43d8be2860c107af980f4ae9c27dea1b14e0112921c3aef511bb29b07

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 cb0c6226aa19d81a39519501df383968.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12524756578,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 65648
x-amz-cf-pop: YTO50-P2
x-amz-request-id: TA28M3ACZRN7E254
content-encoding: br
edge-cache-tag: F-12524756578,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-12524756578,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: CNtvX5bcEOKz8jLqkiPSkGvNd2dpptBk
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: RR/bX6ZSFHgClelduRp2mBZE5wBkGpzKku4Ug7INCWvuGkb/Ps1TJIE4AYGR08w35esCR2W7NlI=
last-modified: Thu, 29 Aug 2019 14:19:27 GMT
server: cloudflare
etag: W/"626f9c989ad909171b9c7e56dccfadd0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=efILZPOCz6Yir6R0nU%2Fdzg3z3tLkb%2Bl1Ls7ZgZcgcpV1BYVBNJmvetXxwCoCdQvbiq4Irob%2BGYjW7l9sIyF%2Bc%2F86m6Sa8ahnRZJ4RHJbD9qghJ74xwoGAJCg8PEk%2BygA"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 884441e3b92fab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: p0enCW7rDYC9xAC88IO3j0NO3wbIDf2OAS1M44Uq8rNLEe02gUyBMg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 hs.core.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 4 KB
2 KB 201ms
191ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.core.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

87d6c8ca2c4746ba9c42bd4b56b9f8dcb23dc4f4c8a5e338039a915eddbb4cfb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 d03af248468c898a111754f0666c2316.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555648509,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 65648
x-amz-cf-pop: YTO50-P2
x-amz-request-id: R3ACCHX3QH07V5KT
content-encoding: br
edge-cache-tag: F-10555648509,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-10555648509,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: t39fon58.c8wnVn0KiTmU6Cnt0f.z3k5
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: MAKROJ/GUWuoVMqY2mKkvyyocGebRQMW6Lt2HYvfFob2+5KuBRBiPaQDnOXHk3yaaacrpt/ZULk=
last-modified: Tue, 18 Jun 2019 07:35:47 GMT
server: cloudflare
etag: W/"ad96a1d08e41474de9b172376ad8f2a6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AkxKWuI3yINyiO5ugevlJJ7lrTno7nkLXx4ZX2nH4blzfd2ODz78sbiLSrK%2BsL6BxSjdsIua5hgrGxmZuRkIreFWfKFn7w%2BgVSSlVxXZBiKQwC8cyeYZsmMb2qpzaSvq"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 884441e3b932ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: NSroDllXeAVjQJaJ_g4A203V4sP-DSTVKRX7KK_cuKjj3IHYmYROKQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 hs.header.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 45 KB
6 KB 283ms
274ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.header.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

327f498e13e0a8166699d8d770f3806775c2707dd893d18f0139b84b0b9d8576

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 24c2a7b3c7e677d544aa5e2a7eb85b4e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10658801982,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YUL62-P2
x-amz-request-id: ZAYSK01FDYTR1YFP
x-amz-version-id: sLoBYokxi8ZRjPnVZWHiocCdDukS9g6O
content-encoding: br
edge-cache-tag: F-10658801982,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-10658801982,FD-10555825718,P-1835778,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: NO8YJaKQyxNVNLp3qLVeV0IloTkNROUtPW6ofz3jpj/3lV0W+TA0kLaVgjQlidVXOJ8G+BsZ38MyLG3Mut0pgg==
last-modified: Fri, 21 Jun 2019 15:22:17 GMT
server: cloudflare
etag: W/"da8e6062fc6df06d66405f3894ac0090"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4cIli3c16LrQ4k8R5PVOHK3%2Bbxc2e%2BP5fS%2BAGQdE%2F0IQSKBjfM871DH3lhfQs8%2FAkHSPDefcXiXOSoi2fqpXgE%2F3fG%2FuhZNXEiBhejLh02JkoV%2FiD0EKnjYd9h2HXjwx"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 884441e3b933ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 3-8qX-4QumEkPEvYi5YrjSyeH1bHomrFi2b1SeG8Qs0McyOxxGdN7g==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 hs.unfold.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 16 KB
4 KB 200ms
191ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.unfold.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd6aef7e70901bd5018e23bf8f366b1363e27c9263a2e058df2ca725cf81aab5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 cfcfb1d8fbf5ce2b107182799687a614.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12349469375,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 65648
x-amz-cf-pop: YTO50-P2
x-amz-request-id: R3AEVCHH8GGNQHR0
content-encoding: br
edge-cache-tag: F-12349469375,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-12349469375,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: jtHI_y0b8Eo2FGwKdP6LEhiHSwPKnVW3
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hGogTTNQPb5sqcm8HXAyBZd77o9qw8A2lpZDvuDLenvu26MHQCcc863sz5gOi8d9sPefhZbiy1s=
last-modified: Thu, 22 Aug 2019 18:14:11 GMT
server: cloudflare
etag: W/"cd7294af40bf5e701ac6f8cca4a7ebcc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gz50yAuDKjRO7u52avHW0eJT3YcOo6R4thjhcKscALG9fiqFERz92HDdF2RmpwElyk0RFPxt95JOo2BYElzt5JTiUQxmQNPKLjdocSq6rte3RuU57u5fAz2WWpe9%2BKse"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 884441e3b934ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: oLvfxCO2xMIVvnYpuR85gvpyXic2KYn8MoxGA2OEoIUO0Kr9SOSXQQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 hs.slick-carousel.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 13 KB
4 KB 263ms
254ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.slick-carousel.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

081d08f71fb7a07fd5247ce2d20af91a41899fd4ee1b129c18fedf8a04b5bbae

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 3c503941ffd955a9223590c80d8af4c2.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12709649959,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YUL62-P2
x-amz-request-id: VBVJX8PNNNBEBCEY
x-amz-version-id: 47mSAiAgQ_ZLSqVaPMk.x.DaEXQJE5Q1
content-encoding: br
edge-cache-tag: F-12709649959,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-12709649959,FD-10555825718,P-1835778,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: zuxRL63EEvYjHpwxXnIrp0UW+CSr/Ck0ktpxnjg60cTxk2jBomV3ab9VOoCttKY/3AuV/EQdLgk=
last-modified: Thu, 05 Sep 2019 14:38:09 GMT
server: cloudflare
etag: W/"333f5cba208ba8133a37ded8fbd1d4df"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QexiqYf%2BLKL7AGWFbRrM%2B%2BN0Zol9gv20B251K9%2BZQDhZDAESKb2N7r0GPiKVXGSkCyfMPM%2BVHj%2FLLAAjBq3Hpyduwcyxo%2F7Edqf27qSgNnbiEM%2B%2BwYFXq%2B3D%2B6x%2BiB%2Fu"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 884441e3b935ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: EKM4GY-Hlqc8Sa8hDyFoZlIqaNVjij3c2W-LNi6ySOJIwQwVwbB41Q==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 hs.modal-window.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 9 KB
3 KB 200ms
191ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.modal-window.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6713fb9ddf25585f97a9c877f75edbb8b2c0d0691c1402fe85c145a9098527d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000
via: 1.1 cfcfb1d8fbf5ce2b107182799687a614.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12524633360,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 65648
x-amz-cf-pop: YTO50-P2
x-amz-request-id: TA2FJZKR64M7RKJK
content-encoding: br
edge-cache-tag: F-12524633360,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-12524633360,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: 37fiNFmrqmELkFKd5Hej0YGO_cs4_PVG
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 9wx0TFcnT8gbW53ZDLuceumZLjCbxLF5gGpv5AtAYw3l5nHBQWTo+2LVKIjYjlRjnJ+iPV2v9DI=
last-modified: Thu, 29 Aug 2019 14:15:34 GMT
server: cloudflare
etag: W/"e835fc393be7df8bc21680227886c2a8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RvwEkhIoPWm7GFDNTIkI7VoUICpHrlco%2BW%2Fd3USjKWa8%2BBwO3bsZfWZkGZQ97uhjGc3a6WkWgONU5LNPT98w6JTsWdI7p3FIriFN4Ytyw4c5pM%2BHiL6xjGldb2A2x33B"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 884441e3b938ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: YLrSv_Iu8a6H-umVC36UpWCZ1DbzOn-HAFSYB-TQIm6zI8f0ts2nuQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 331 KB
111 KB 141ms
62ms Script
application/javascript 142.251.111.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.111.97 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

5eeb903b2d5bca21ff576c8f051d446d06bca573edd729e5620c4cfe05f28ed1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 112834
x-xss-protection: 0
last-modified: Wed, 15 May 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 15 May 2024 15:45:50 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 479 KB
132 KB 168ms
89ms Script
application/javascript 142.251.111.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5JCRGP

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.111.97 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

172f0599dd2d71ffd8a8dd522c558d69c73f73d291b5b00686e05585944880a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 135341
x-xss-protection: 0
last-modified: Wed, 15 May 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 15 May 2024 15:45:50 GMT

GET
H2 200 lftracker_v1_OKM7ZEDV9rXg2zo4.js Show response
lftracker.leadfeeder.com/ 31 KB
11 KB 120ms
40ms Script
application/javascript 13.249.39.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lftracker.leadfeeder.com/lftracker_v1_OKM7ZEDV9rXg2zo4.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.39.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-39-43.iad89.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d98dd90e603d4835ac3c0eb988b5574530c225d0075fe87709e5158e1549178c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: dd0fJ3Jaz.ONneeJTb7ZD_2m.5x5DezQ
content-encoding: gzip
via: 1.1 7fc4d53a17d950b206cd9fccf1108b8a.cloudfront.net (CloudFront)
date: Wed, 15 May 2024 15:00:54 GMT
last-modified: Mon, 29 Apr 2024 18:59:01 GMT
server: AmazonS3
x-amz-cf-pop: IAD89-C1
age: 2812
x-amz-server-side-encryption: AES256
etag: W/"7634acb4e2aef60f1a80d46c4b760a79"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: tol_ycb0VauBgNpQYeREBMZUnaTmbZsyWmRXaS6mhKPs81sO8GxMkQ==

GET
H2 200 css
fonts.googleapis.com/ 4 KB
775 B 52ms
50ms Stylesheet
text/css 172.253.115.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto|Montserrat

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/gradient.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f95.1e100.net

Software

ESF /

Resource Hash

90798df68ecbb59920e7c732d62d6a15b436a2726c15b9fa0d44163fc1e721a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/gradient.min.css
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Wed, 15 May 2024 15:45:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 15 May 2024 13:59:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 May 2024 15:45:50 GMT

GET
H3 200 close.svg
www.avanan.com/hubfs/jacob_redesign/page_icons/ 513 B
1 KB 286ms
284ms Image
image/svg+xml 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/jacob_redesign/page_icons/close.svg

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/template.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

24a3a9ccca4cde6a90f28a96467b83fcc8e8b02ae532b85c46d45514e98c9dc9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/template.min.css
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000
via: 1.1 8b37208e69f78eef4dd958de00423132.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-6129363300,FD-6106722142,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YUL62-P2
x-amz-request-id: 11K0FMY2A5AD3SR7
x-amz-version-id: aGBLOARAtDK9aU8eL5GIguuA_ii6l6Ic
content-encoding: br
edge-cache-tag: F-6129363300,FD-6106722142,P-1835778,FLS-ALL
cache-tag: F-6129363300,FD-6106722142,P-1835778,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: dSkcRKjHZFWrjkywLQ7cvRkU5ERuYpIk2BaneN+PnC8FbXew1uxruSfItiZeJGt2q4y/a6TE9xY=
last-modified: Wed, 14 Aug 2019 14:58:10 GMT
server: cloudflare
etag: W/"cad7540d366ad86e66ac89079055b4b9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GRlRjpgBdRKxLSemOU8FmhLmgLtsH%2FgpiLor4SDPYELxixcfLj01knx1SEQ9hREwuXeyGuzHSclNxjNmr204WhcWJicl48%2BIxloViV8yhZuWrhEjXXjKRYR4cufC%2BIDf"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 884441e47a65ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: elWIBRiG5V_4jEItnWht0fouTSlVQZcJ2zF2SSR7-fA-f8xMMiipjg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.2.0/webfonts/ 61 KB
61 KB 27ms
24ms Font
font/woff2 172.67.142.245
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.142.245 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Origin: https://www.avanan.com
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 677386
alt-svc: h3=":443"; ma=86400
content-length: 62472
last-modified: Fri, 22 Sep 2023 01:45:27 GMT
server: cloudflare
etag: "b75b4bfe0d58faeced5006c785eaae23"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IhRXBtZnwToB%2FB9L8WHhFk8%2F5bUWl6g8BV1yMKhbs%2FbN5sTgFkLrOiUlgLviDlwVb4MrOqgDJSAzs49W2MWvWNndmgHKKrtaR5sO30fD7eE3h2it7dUJuQIFYE%2F8ze343IBZ2XRz"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 884441e4d880ac57-YYZ

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 136ms
60ms Font
font/woff2 64.233.180.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

on-in-f94.1e100.net

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 16:59:29 GMT
x-content-type-options: nosniff
age: 81981
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:01:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 May 2025 16:59:29 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 133ms
56ms Font
font/woff2 64.233.180.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

on-in-f94.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 04:21:42 GMT
x-content-type-options: nosniff
age: 127448
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 May 2025 04:21:42 GMT

GET
H2 200 u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2
fonts.gstatic.com/s/cabin/v27/ 27 KB
28 KB 113ms
36ms Font
font/woff2 64.233.180.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cabin/v27/u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cabin:400,500,600,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

on-in-f94.1e100.net

Software

sffe /

Resource Hash

dcb085ad0fca889c4a1b898ccc7458c5d586e5740e7b7bffe065ac6a5e247ada

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 22:29:21 GMT
x-content-type-options: nosniff
age: 148589
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28076
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:14:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 May 2025 22:29:21 GMT

GET
H2

200

TPmessage.JPG
raw.githubusercontent.com/Octoberfest7/TeamsPhisher/main/img/
Redirect Chain

https://github.com/Octoberfest7/TeamsPhisher/raw/main/img/TPmessage.JPG
https://raw.githubusercontent.com/Octoberfest7/TeamsPhisher/main/img/TPmessage.JPG

80 KB
81 KB

133ms
106ms

Image
image/jpeg

185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://raw.githubusercontent.com/Octoberfest7/TeamsPhisher/main/img/TPmessage.JPG

Requested by

Protocol

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-108-133.github.com

Software

Resource Hash

d0ad8e1171410fba88207a9431fac8aec7bcae5f55697ad90a22157dc1ce5ada

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

x-fastly-request-id: 2f16b924a59073e1a7a814c081a9863d55ee855e
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 15 May 2024 15:45:51 GMT
via: 1.1 varnish
x-cache-hits: 0
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 81914
x-xss-protection: 1; mode=block
x-served-by: cache-yyz4543-YYZ
x-github-request-id: 148E:378AC0:883524:97CC2A:6644D8AE
x-timer: S1715787951.052786,VS0,VE90
etag: W/"3d432978fe7d8d01262aea9ba7482f7bd0d7c01109dff8174acaa9b3f6da8254"
source-age: 0
x-frame-options: deny
vary: Authorization,Accept-Encoding,Origin
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
expires: Wed, 15 May 2024 15:50:51 GMT

Redirect headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: GitHub.com
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/copilot-codex/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
x-github-request-id: 64B4:1E290:1B82747:28B9AB5:6644D8AE
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/html; charset=utf-8
access-control-allow-origin
location: https://raw.githubusercontent.com/Octoberfest7/TeamsPhisher/main/img/TPmessage.JPG
cache-control: no-cache
content-length: 0
x-xss-protection: 0

GET
H2

200

TPfile.JPG
raw.githubusercontent.com/Octoberfest7/TeamsPhisher/main/img/
Redirect Chain

https://github.com/Octoberfest7/TeamsPhisher/raw/main/img/TPfile.JPG
https://raw.githubusercontent.com/Octoberfest7/TeamsPhisher/main/img/TPfile.JPG

42 KB
42 KB

189ms
145ms

Image
image/jpeg

185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://raw.githubusercontent.com/Octoberfest7/TeamsPhisher/main/img/TPfile.JPG

Requested by

Protocol

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-108-133.github.com

Software

Resource Hash

5c2040949f208d10bddd10a17976d22632637e933cc878d2808450d5e128ca72

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

x-fastly-request-id: 5f2d04850ed23af8827a91afa6c1753672f2ae56
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 15 May 2024 15:45:51 GMT
via: 1.1 varnish
x-cache-hits: 0
x-cache: MISS
cross-origin-resource-policy: cross-origin
content-length: 42950
x-xss-protection: 1; mode=block
x-served-by: cache-yyz4543-YYZ
x-github-request-id: 62B2:303137:901627:9F97F3:6644D8AE
x-timer: S1715787951.052798,VS0,VE96
etag: W/"c212e88cd544a32cfae784930a80b2e9b24391516088ca48b58a9c386e614a3d"
source-age: 0
x-frame-options: deny
vary: Authorization,Accept-Encoding,Origin
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
expires: Wed, 15 May 2024 15:50:51 GMT

Redirect headers

date: Wed, 15 May 2024 15:45:50 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
server: GitHub.com
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/copilot-codex/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
x-github-request-id: 64B4:1E290:1B82747:28B9AB6:6644D8AE
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: text/html; charset=utf-8
access-control-allow-origin
location: https://raw.githubusercontent.com/Octoberfest7/TeamsPhisher/main/img/TPfile.JPG
cache-control: no-cache
content-length: 0
x-xss-protection: 0

GET
H3 200 purify.min.js Show response
cdnjs.cloudflare.com/ajax/libs/dompurify/2.4.3/ 21 KB
8 KB 30ms
30ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.4.3/purify.min.js

Requested by

Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/js/widget.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

265dc9381f2b760551a12eb31f4bbc194ea6609b90fd79a59fc53cb0e1210146

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1789081
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 7628
last-modified: Fri, 06 Jan 2023 14:33:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "63b83136-1dcc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dYjuLgEjOjxy6%2BYLe0sfIHZGGkI5oOVtCiNEYCDtpDqMwZqpDHB%2BTHgVmbgvVM04pvVo7Bsv1HTS%2BL9qBRYrhGZehKxlUZqVPyiOUb6QEnbUFjpxmnGeaMBKPuWavfw43v1sCRWU"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 884441e4ace539cf-YYZ
expires: Mon, 05 May 2025 15:45:50 GMT

GET
H2 200 widget.css
www.gartner.com/reviews/public/Widget/css/ 155 KB
110 KB 56ms
55ms Stylesheet
text/css 172.64.153.35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/reviews/public/Widget/css/widget.css
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/js/widget.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.35 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 7de470eb749b68a909379ee3bef2073c96c0a5f8f0df1b2f56a699cf2a4742d2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
content-encoding: br
cf-cache-status: HIT
age: 1779918
cf-polished: origSize=158367
x-powered-by: Express
x-envoy-upstream-service-time: 4
server-timing: dtSInfo;desc="0", dtRpid;desc="385744563"
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 17 Apr 2024 11:14:32 GMT
server: cloudflare
etag: W/"26a9f-18eebc3f5c0"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
cf-ray: 884441e4adf136bf-YYZ

GET
H2 200 data
www.gartner.com/reviews/public/Widget/ Frame D431 0
0 107ms
58ms Document
text/html 104.18.34.221
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/js/widget.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.34.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 237545
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
cf-ray: 884441e4fd53ac06-YYZ
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 15 May 2024 15:45:50 GMT
server: cloudflare
vary: Accept-Encoding
x-envoy-upstream-service-time: 18
x-powered-by: Express

GET
H2 200 fa-brands-400.woff2
use.fontawesome.com/releases/v5.2.0/webfonts/ 63 KB
63 KB 36ms
32ms Font
font/woff2 172.67.142.245
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/webfonts/fa-brands-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.142.245 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Origin: https://www.avanan.com
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:50 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 680905
alt-svc: h3=":443"; ma=86400
content-length: 64144
last-modified: Fri, 22 Sep 2023 01:45:27 GMT
server: cloudflare
etag: "6814d0e8136d34e313623eb7129d538e"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q73CyQRZVt09azlxTrTZfrim2polZND2gIeesBiBWtcmNR8%2F34a%2F79Az9TlTfoDaj0YrUBTQ1oZ%2FW%2BrbdMdh3PZTNTvrjFOlyKnh8aZ5vgLR5yK0oKxmT1JxmzZnF3cPEBScxSp6"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 884441e4f8aaac57-YYZ

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 122ms
66ms Font
font/woff2 64.233.180.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

on-in-f94.1e100.net

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 00:51:47 GMT
x-content-type-options: nosniff
age: 140043
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8000
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:00:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 May 2025 00:51:47 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 119ms
63ms Font
font/woff2 64.233.180.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

on-in-f94.1e100.net

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 23:15:40 GMT
x-content-type-options: nosniff
age: 145810
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7840
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:02:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 May 2025 23:15:40 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 128ms
72ms Font
font/woff2 64.233.180.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

on-in-f94.1e100.net

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 01:07:52 GMT
x-content-type-options: nosniff
age: 139078
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Fri, 22 Mar 2024 00:00:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 May 2025 01:07:52 GMT

GET
H2 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v26/ 15 KB
15 KB 124ms
68ms Font
font/woff2 64.233.180.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto|Montserrat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.180.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

on-in-f94.1e100.net

Software

sffe /

Resource Hash

4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 13 May 2024 23:15:42 GMT
x-content-type-options: nosniff
age: 145808
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14940
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:46:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 May 2025 23:15:42 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
4 KB 110ms
35ms Script
application/x-javascript 31.13.66.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-iad3.fbcdn.net

Software

Resource Hash

d88a3f1078ebb4d9a07cd59f3b3dbdf7d9b82eb34b702f10e82181f6725e2194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 15 May 2024 15:45:51 GMT
content-md5: TyLs9uGaMB+zeIBkW5LkHw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=17, rtx=0, c=12, mss=1380, tbw=2795, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug: O4AWYR0i0Y9xOGmDRqNLbRSOSa3kTUC3qdhLsmmRdGFXohtlMNa7wRQ8qPAdHW8G59vjNYx+ICn7mN4S8fKN7Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 50999c78edb28cf448aa4c9003fe68b5
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "cabd10b3cc3800376db7e6e4d8d89f58"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Wed, 15 May 2024 15:55:58 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 132ms
30ms Script
application/javascript 72.21.91.66
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.21.91.66 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (cha/80E2) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 15 May 2024 15:45:51 GMT
Content-Encoding: gzip
Age: 594
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (cha/80E2)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 102ms
38ms Script
application/javascript 104.17.128.172
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.128.172 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef61f745ab49ef3bbdb192b7f791f9d645caa5f89817f099470397b13e742ea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
x-amz-version-id: mFY3j4a3uPqa1nxwSjuH9WwSOlmw5rRi
via: 1.1 a47a23f37fc6f8e50c6d5f0b1b9273c6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD61-P1
age: 463
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.557/bundles/pixels-release.js&cfRay=884436986982a1fe-YYZ
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 5c756eba-da57-41ea-b21f-d6b6b248aa75
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 10
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5c756eba-da57-41ea-b21f-d6b6b248aa75
last-modified: Mon, 13 May 2024 14:08:11 UTC
server: cloudflare
etag: W/"c43db96a42a0426e882c9ce0209630a5"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: MISS
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-ncdrp
cf-ray: 884441e5ff8bac5a-YYZ
x-amz-cf-id: Zy-W78EYa7o2WTLhY_4U7AnFvmZXg5A_J5dKlw9lPKOEO47lL5Pm1w==
x-hs-target-asset: adsscriptloaderstatic/static-1.557/bundles/pixels-release.js

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
88 KB 84ms
34ms Script
application/javascript 104.18.139.17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.139.17 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

efb5dc6835aeb8a8e1615ca49df1828cfaf708dc73651c5f1c651f2d2ab3907a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Origin: https://www.avanan.com
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
age: 60101
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1338/bundle/main/lead-flows-release.js&cfRay=883e869b9c4bac82-YYZ
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"d252299cef5b9176cf0435e72e0baeeb"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1338/bundle/main/lead-flows-release.js
date: Wed, 15 May 2024 15:45:51 GMT
x-amz-version-id: FzXUOelq5PzvbDhLOc3Au0ThiCBuXHAc
via: 1.1 b9e3ae23b2e5d7b2e1c159467ba23f34.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 79bf7175-5515-4b70-908e-de8fd049a47d
x-cache: Miss from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 35
x-evy-trace-route-configuration: listener_https/all
x-request-id: 79bf7175-5515-4b70-908e-de8fd049a47d
last-modified: Wed, 03 Apr 2024 09:27:53 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-ddwd7
cf-ray: 884441e5ee0f3700-YYZ
x-amz-cf-id: tFthC9YO52kDaPOGazub4Vd9t3use0o_MD-eoH6vO9LQA_b5-7IA6Q==

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/1835778/ 71 KB
23 KB 103ms
59ms Script
text/javascript 172.64.153.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/1835778/banner.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.27 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dfe1ede216323e004cb709efa886a6d8e235d2174f9291b5f005213e1cdcf046

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
x-amz-version-id: AbzB.UrQ6OLGCUU6tD_CYHsXoM8EAvR0
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 7EBV16943F258PA1
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 0cf17d9e-cf66-493b-b529-b8400361e44c
x-envoy-upstream-service-time: 89
x-amz-id-2: u4CosTjE41cGnJG9hWRlWeMSvAlhch5X0nw/4zPFN/52hWm2DyfIpQPgvqkzhdGAFbN9U0QQ0iQ=
x-evy-trace-listener: listener_https
x-request-id: 0cf17d9e-cf66-493b-b529-b8400361e44c
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 15 Apr 2024 14:04:16 GMT
server: cloudflare
etag: W/"a1570bd4f8e9c4c7f69b737d24256229"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.avanan.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-qr8zh
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 884441e5df34ab96-YYZ
expires: Wed, 15 May 2024 15:50:51 GMT

GET
H2 200 1835778.js Show response
js.hs-analytics.net/analytics/1715787900000/ 67 KB
21 KB 159ms
116ms Script
text/javascript 104.17.175.201
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1715787900000/1835778.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.175.201 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48c0ca426cf9542d9f4caa219720ce1e5074c87fc5b223b6519317ff58f044ae

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: MGJKMKVPQJKE1F1B
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: c853ff0f-196d-4502-87d4-858b0eba063c
x-envoy-upstream-service-time: 18
x-amz-id-2: 59Xa5WFJUZMlzkFl+B2/njdj8hCrn3txHWeCWmcmdMNs+lLOgh3X7Nnyn8tvs8X7O+DWm24gc94=
x-evy-trace-listener: listener_https
x-request-id: c853ff0f-196d-4502-87d4-858b0eba063c
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 24 Apr 2024 18:13:41 GMT
server: cloudflare
etag: W/"6a2ded530d55c41a1aea87250fd7941c"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-gnznr
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 884441e5dd2daba5-YYZ
expires: Wed, 15 May 2024 15:50:51 GMT

GET
H2 200 /
tr.lfeeder.com/ 43 B
294 B 164ms
75ms Image
image/gif 3.162.112.71
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.lfeeder.com/?sid=OKM7ZEDV9rXg2zo4&data=eyJnYVRyYWNraW5nSWRzIjpbXSwiZ2FNZWFzdXJlbWVudElkcyI6W10sImdhQ2xpZW50SWRzIjpbXSwiY29udGV4dCI6eyJsaWJyYXJ5Ijp7Im5hbWUiOiJsZnRyYWNrZXIiLCJ2ZXJzaW9uIjoiMi42Mi4zIn0sInBhZ2VVcmwiOiJodHRwczovL3d3dy5hdmFuYW4uY29tL2Jsb2cvdGVhbXMtYXR0YWNrcy1jb250aW51ZS10by1zcHJlYWQ/dXRtX2NhbXBhaWduPUNhbXBhaWduJTIwLSUyMFBERiUyMFBoaXNoaW5nJTIwRU1FQSUyMEFQQUMlMjA0JTJGMjUlMjAtJTIwRlkyNCZ1dG1fbWVkaXVtPWVtYWlsJl9oc2VuYz1wMkFOcXR6LTlkNEhTRDl1WWtUUzB0OEI3QnZXUGFUZGx0MkxYQ01uMXdhYnRmbk80SGdST2F3T3huejNwbEFoNElEZEZGU01MSjBpcGdTb0dJMUdzcDRlUlFDMlR2WUY5T05BJl9oc21pPTMwNDAyNzA2MiZ1dG1fY29udGVudD0zMDQwMjcwNjImdXRtX3NvdXJjZT1oc19hdXRvbWF0aW9uIiwicGFnZVRpdGxlIjoiVGVhbXMgQXR0YWNrcyBDb250aW51ZSB0byBTcHJlYWQiLCJyZWZlcnJlciI6IiJ9LCJldmVudCI6InRyYWNraW5nLWV2ZW50IiwiY2xpZW50RXZlbnRJZCI6IjM0NTE0MmFkN2Y2NDg2YWYiLCJzY3JpcHRJZCI6Ik9LTTdaRURWOXJYZzJ6bzQiLCJjb29raWVzRW5hYmxlZCI6dHJ1ZSwiY29uc2VudExldmVsIjoibm9uZSIsImFub255bWl6ZUlwIjp0cnVlLCJsZkNsaWVudElkIjoiTEYxLjEuMWI1ZmQxNjYwMzRmZWJkOC4xNzE1Nzg3OTUxMDY0IiwiZm9yZWlnbkNvb2tpZXMiOltdLCJwcm9wZXJ0aWVzIjp7fSwiYXV0b1RyYWNraW5nRW5hYmxlZCI6dHJ1ZSwiYXV0b1RyYWNraW5nTW9kZSI6Im9uX3NjcmlwdF9sb2FkIn0=
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.112.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-112-71.iad61.r.cloudfront.net
Software: CloudFront /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
via: 1.1 ff071fa99e74a44c6556cef90e125ca8.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: IAD61-P2
x-cache: LambdaGeneratedResponse from cloudfront
content-type: image/gif
content-length: 43
x-amz-cf-id: JS9Q9uXlVBwZCbqqHwvRbSu843m52C-LQDdhcGtvan7FuuFj_ofxhA==

POST
H3 200 landing
pagead2.googlesyndication.com/pagead/ 42 B
64 B 170ms
95ms Ping
image/gif 172.253.115.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=13p3p3p3p5&rnd=2137608253.1715787951&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread&dma_cps=-&dma=0&npa=1&gtm=45He45d0n715JCRGPv6871859za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JCRGP

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f155.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:51 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
673 B 73ms
72ms XHR
text/plain 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=1835778

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 65780e3b-d228-439f-9a23-0a1bbb1ca87a
x-envoy-upstream-service-time: 6
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=884441e68e3636c2&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 65780e3b-d228-439f-9a23-0a1bbb1ca87a
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin: https://www.avanan.com
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-68b7f7fbff-ncdrp
cache-control: max-age=0
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 884441e68e3636c2-YYZ

GET
H3 200 postlisting Show response
www.avanan.com/_hcms/ 5 KB
2 KB 127ms
126ms XHR
application/json 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/_hcms/postlisting?blogId=4153530738&maxLinks=6&listingType=recent&orderByViews=false&hs-expires=1746992032&hs-version=2&hs-signature=AJ2IBuF6mjxLc1A2J_hC6XRTfKeS7FII5w&currentUrl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

17520dd2a2d69ca601d3f9a69de5ef26e27e89df0ae744c0630f874ec0827a1d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 72b8010b-e9db-45a3-abf2-4d131441065c
content-encoding: br
x-envoy-upstream-service-time: 26
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 72b8010b-e9db-45a3-abf2-4d131441065c
last-modified: Wed, 15 May 2024 15:45:51 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sj86q2yRfvxNmjy5lGppk6RrAJYVstHjIzlF3HbD%2B5uvm8H1ya%2FTAR5SQyQ2YkI6VNbTeDydJ2%2B79qVJ%2B0XALKbMXuvSFSQDcK76jG1XjZogl%2BBCA9DKNnbmowKk%2FvmV"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-20-29-td/envoy-proxy-799fdf4564-pghq7
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 884441e68d80ab69-YYZ
x-robots-tag: none

GET
H3 200 postlisting Show response
www.avanan.com/_hcms/ 7 KB
2 KB 118ms
117ms XHR
application/json 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/_hcms/postlisting?blogId=4153530738&maxLinks=6&listingType=popular_all_time&orderByViews=true&hs-expires=1746992032&hs-version=2&hs-signature=AJ2IBuHGHsDgiAyhW0z57r_IdIoLYr-WCg&currentUrl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

52676744c5fe8b3e5c4de2eca3e7df4f7a740c71bd8d8b91cac46f1b2c55208a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 914eaccc-fa47-4ad1-b98d-b79f14e3da34
content-encoding: br
x-envoy-upstream-service-time: 25
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 914eaccc-fa47-4ad1-b98d-b79f14e3da34
last-modified: Wed, 15 May 2024 15:45:51 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TioDFVDcpLvP7rl8xGOXNpYz45g%2FihVJfN5y6XwNOr3Du2P7iKgLWQe4eZCcvA%2F4XdKq%2BbE6GZUd2hNeq7pfYJnkevd4jDXxslYeyEjCDZ%2BL%2F1GANvsI5bFo%2FKpL6EdL"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-20-29-td/envoy-proxy-799fdf4564-bwjv9
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 884441e68d84ab69-YYZ
x-robots-tag: none

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 70ms
32ms Script
application/javascript 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a2f825beb3b540a044cdb0515177c34497aa2ce92e335bf1498fa42bb5baf88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 May 2024 15:45:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Dw6K+rTuf8kOuPIEBw1QQA==
age: 3211
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6881
x-ms-lease-status: unlocked
last-modified: Tue, 14 May 2024 15:26:36 GMT
server: cloudflare
etag: 0x8DC742A3E32B9ED
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 7c8f3a96-d01e-00a8-7019-a6957c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 884441e6dbcdab08-YYZ

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 4 KB
2 KB 74ms
67ms XHR
application/json 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread&pageId=123632260951&pid=1835778&sv=cta-embed-js-static-1.292&utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&rdy=1&cos=1&df=t&pg=c953fa87-efa0-494e-9947-98ffe764fcd8

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88b528e2fb3951ba4169df88d226e6aa6d04f2b9dd010986e244b26a3fa325d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f0372175-c313-40f2-bbce-a0a98c9f1f10
content-encoding: br
x-envoy-upstream-service-time: 18
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f0372175-c313-40f2-bbce-a0a98c9f1f10
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.avanan.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-mqhvj
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OoOgyk6dMMPaU0hfEYFujHxsvIf3Zi4x0DRyHtOuaoCcVTGqVmwmKbYawsx4xZiXuzJUzmWSn3HPLx7SRBGKGLEOr9hbAnUyqR%2BApgXUjDzRhMYmLiiRlFisDZCe490bqGCOyrLG%2F5GjKbDTh28%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 884441e6ae5136c2-YYZ

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 299 KB
86 KB 72ms
36ms Script
application/x-javascript 31.13.66.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=19d11083138e44f7e74bfb70c922a4ad

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-iad3.fbcdn.net

Software

Resource Hash

6f02b37f1f9ed3c1998e50bbd1b6713584fc0bd20cd4213501921b2b1effc3eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Origin: https://www.avanan.com
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 15 May 2024 15:45:51 GMT
content-md5: edC9ZO3kQbBNnzjHPtNi3Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87587
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=33, rtx=0, c=23, mss=1232, tbw=4285, tp=9, tpl=0, uplat=1, ullat=-1
x-fb-debug: 7hmnHz3zYsk3GArmmUt14ZULYXYnUq5WFwyBB0fAqWbmt8UQKuT95SX2uCxWbGiFyfhPUu3Z0Qg1a6yU/Y2SOw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 66c6aeccfac21b66237b0a6075bd9ea0
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "a45343081a51bb17e3767cea502c930b"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Thu, 15 May 2025 15:22:05 GMT

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 113 B
1 KB 134ms
86ms XHR
application/json 104.18.240.108
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=1835778

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.240.108 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

626e534b9a811f60a8aa88e463a0ffa75ea4d8ba7510ed6a15c267becf680394

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f074053d-1546-4580-a5fc-790bf03b1c0d
content-encoding: br
x-envoy-upstream-service-time: 12
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f074053d-1546-4580-a5fc-790bf03b1c0d
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.avanan.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5d47c8d44f-rsr5g
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fU2pJNmELwFx8mRX38dX97OEWgyUu0bsePkbjYk2yrUTX4GV3fa%2FQej5jV%2FyOBfgSBVDA1Xyh5VcT021GdmxpBesxYRMPAZhhQe0jNY0lAsm2jg9JfiOG4xRf4NNbnso"}],"group":"cf-nel","max_age":604800}
cf-ray: 884441e70815ac0f-YYZ
access-control-allow-headers: *

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame FFC1 0
0 120ms
32ms Document
text/html 72.21.91.66
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.avanan.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.21.91.66 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (cha/81B1) /
Resource Hash

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 4432233
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Wed, 15 May 2024 15:45:51 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (cha/81B1)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 cta-loaded.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 0
540 B 114ms
113ms Script
application/javascript 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-loaded.js?pid=1835778&pg=c953fa87-efa0-494e-9947-98ffe764fcd8&lt=1715787950812&dt=1715787950813&at=1715787951221&ae=1&an=1

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-origin-hublet: na1
date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 1410b0cd-458c-4d89-8b5c-62a3033e3b24
x-envoy-upstream-service-time: 23
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1410b0cd-458c-4d89-8b5c-62a3033e3b24
last-modified: Wed, 15 May 2024 15:45:51 GMT
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XDtmOQKs62WJDacwOkXr5AOmfuBoZIWgY2n1mCh9ErumQHG82rMsrIcm%2BeFetJ%2B1OiLuqT6iddD11M6oM16JjPXMqaUfKNOZdFTyy17he3b6LBSbTJJQ3S1tNo4wSieW9BTVUAXRn64W2PD6XDA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-9gk7d
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-robots-tag: noindex, follow
cf-ray: 884441e73ee036c2-YYZ

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
927 B 89ms
57ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 21782c55-45f5-4ce7-b897-3c91b4c795f1
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 21782c55-45f5-4ce7-b897-3c91b4c795f1
last-modified: Wed, 15 May 2024 15:45:51 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-xkc98
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 884441e76d70ab10-YYZ

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
891 B 91ms
59ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: edd6dcc0-a352-48d4-85b8-0aced5863168
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: edd6dcc0-a352-48d4-85b8-0aced5863168
last-modified: Wed, 15 May 2024 15:45:51 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-dhztc
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 884441e76d72ab10-YYZ

GET
H2 200 52127f8b-58c8-43a1-aff0-3c29a26e76d8-test.json Show response
cdn.cookielaw.org/consent/52127f8b-58c8-43a1-aff0-3c29a26e76d8-test/ 5 KB
2 KB 156ms
119ms XHR
application/x-javascript 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/52127f8b-58c8-43a1-aff0-3c29a26e76d8-test/52127f8b-58c8-43a1-aff0-3c29a26e76d8-test.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2f85bc03d72fdd58ac7fb2cb580914b4679bcf8c99533ba20743ee73d0e28ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 May 2024 15:45:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: zW+nmlOpfOHASPspd29pVQ==
content-length: 1806
x-ms-lease-status: unlocked
last-modified: Wed, 27 Sep 2023 17:33:01 GMT
server: cloudflare
etag: 0x8DBBF7FCC4B93BF
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f4bc3c5c-301e-0065-10de-a6f034000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 884441e7890d3739-YYZ

GET
H3 200 Watch-Out-for-HTML-Attachments-the-Latest-Phishing-Trend-Targeting-Office-365-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 7 KB
8 KB 239ms
239ms Image
image/png 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/Watch-Out-for-HTML-Attachments-the-Latest-Phishing-Trend-Targeting-Office-365-Featured.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9471c2023cb016db2280a248bd8c47f9a87ece862578b0f2308ed7308191c9e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000
via: 1.1 141b2a0bfdcf3225afbe04affb901120.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-11279853502,FD-11279853394,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YUL62-P2
x-amz-request-id: 5BWPBC8EAEJWP6FD
x-amz-version-id: yOBXxHcQhK5AkB0oyxYBslCmMPyxVN5L
edge-cache-tag: F-11279853502,FD-11279853394,P-1835778,FLS-ALL
cache-tag: F-11279853502,FD-11279853394,P-1835778,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 7014
x-amz-id-2: 0/ceEHcJMXOQUBy/C5vTtt9FNPAGG3x/puU7PT5xqVuiIkFENCx2rjQAeQvHdCJ1LU0r6L7BenI=
last-modified: Mon, 15 Jul 2019 15:09:16 GMT
server: cloudflare
etag: "8125afc7f8e4f6afcb3215c0f0838e9f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e9No8lXfXC0YJqLv2kuvJLn6YzKCX9SYTfNca89VSobtBy7UJNq6ufrfGYqx76kLvMV3as5x8Kt2KuxOKCBWqK6rxxulsBNJbjCzQzotBpARx3sBfbV13zlO16%2FF3cyG"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 884441e74e82ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 3oHTXoz4005UNbM5H_aK-sc0YHoYuTeS5yMWMZ6l1H4RV3o1mH_vCA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 4-Reasons-Microsoft-Safe-Links-Make-Office-365-Less-Safe-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 14 KB
15 KB 260ms
257ms Image
image/png 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/4-Reasons-Microsoft-Safe-Links-Make-Office-365-Less-Safe-Featured.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fabb98047b3ac3d7b59923b47ee509c0b5e1e4846dfe701173e71080cf8493c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000
via: 1.1 b46ea00af935bf6290d93c76c66e0c8e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-11280554758,FD-11279853394,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YUL62-P2
x-amz-request-id: R5B7M5SC7SKS217W
x-amz-version-id: ydaMoVEI3EqauKaA9V2_DbfLmkZ4PelZ
edge-cache-tag: F-11280554758,FD-11279853394,P-1835778,FLS-ALL
cache-tag: F-11280554758,FD-11279853394,P-1835778,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 14729
x-amz-id-2: WACSo6NTYQfzQr9BMIPLOLtNTIDWQ7UFQ5KR7n7irGqvnwWTVJ9975556NXhK50yG43m5tURlNI=
last-modified: Mon, 15 Jul 2019 15:27:08 GMT
server: cloudflare
etag: "477b6391512f284fdb1b9be9e024d97f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f0aIm8HRUUFICvwodBq%2BX6M2S3q9rnIeQ%2BsPAhNWlLOm6ZkabB%2F8hnrak831MkMZz%2F2GmTakiySdhfy0j%2BZMNUJujBH4DXh5u44RhCjnzud7RwUr0a9OA4%2BNIKjAbuCf"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 884441e75e87ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: 0iZLHS3c7-27Jcs-LNpNBu60t4xA2gM-x8KlooZSQrx8Fkj3KdFD-w==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 Mimecast-vs-Proofpoint-Why-They-Cant-Secure-Office-365-and-Gmail-Part-1-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 12 KB
13 KB 249ms
246ms Image
image/png 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/Mimecast-vs-Proofpoint-Why-They-Cant-Secure-Office-365-and-Gmail-Part-1-Featured.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

766f80c74c4bf212a37cac8008e72ce201136f46f1e04d269bb3c2b7383925ff

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000
via: 1.1 c823350775ceb593355f2c0ee7cd3b2a.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-11280371673,FD-11279853394,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YUL62-P2
x-amz-request-id: 5BWR5M3JXVMQN25K
x-amz-version-id: N_MnPa4GyRrx42wIuC2oH5cUB01QyWa3
edge-cache-tag: F-11280371673,FD-11279853394,P-1835778,FLS-ALL
cache-tag: F-11280371673,FD-11279853394,P-1835778,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 12541
x-amz-id-2: OR+V7A0PZDQWOCY4RHxDaEIW1zXHqvub+g24RqpGrdmq/Nc+i+f9WJs6XvpvWw02b1uAs5qseETeR4ZlC+yjXVtPFm13EIm67jf3qB6OGNw=
last-modified: Mon, 15 Jul 2019 15:29:14 GMT
server: cloudflare
etag: "b6aafb5047af62538589406b53694ac6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dT3T48N48%2BwBXWy80%2Fl%2BNFGgDe0PjAnv6uQxkkyTe088mcyobpJkcFf21Kt28BjkS5B7%2BgIT4TS9f5AvdcZvOWUSYJ3vmtbL%2FPh4drgkSAIxrcE%2FKYOBSXgUX2Hutvor"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 884441e75e89ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: D_IVUg2sXZW8Qm-ccLOfpQBaElN5s8J-0ElAOx8ZxaRqbK3Tpl51fw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 Why-Multi-Factor-Authentication-Isnt-Foolproof-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 12 KB
13 KB 252ms
250ms Image
image/png 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/Why-Multi-Factor-Authentication-Isnt-Foolproof-Featured.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

06569c31071f169a24649f3312a1bf0ee54e4927438a317de61e0c28dbec67ba

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000
via: 1.1 3c503941ffd955a9223590c80d8af4c2.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-11288678777,FD-11279853394,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YUL62-P2
x-amz-request-id: 5BWWKBA8B7ZJ8TXQ
x-amz-version-id: FviQOCsHbLeXzaUcA2EbVpPC3vT_wGWu
edge-cache-tag: F-11288678777,FD-11279853394,P-1835778,FLS-ALL
cache-tag: F-11288678777,FD-11279853394,P-1835778,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 11848
x-amz-id-2: ecs7TebVvFRt7FdgvYrHF3Ra2FT25UqPigzEMkUq+N3HJvsjaoJvswButNIEV1jX8KNtZK8j5ircXEuCyXq7RdrvvOUXxfcdwldxW1y/Mbs=
last-modified: Mon, 15 Jul 2019 19:24:10 GMT
server: cloudflare
etag: "bca56f3cf898c1b6593fb7ed155d1c49"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C4ihvwlBra%2FmIyj1XXbHbbFA8DZTv5T9yGqLYW4GbavlPxwzcZjGDfs%2B4f7hotEe7gqsgW1zHpZ4T2nJdAep3jraN6bDI9tuysM1SfobsccT%2B3KWpHegR5BcZD9wFMUC"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 884441e75e8cab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: zS95W8mjPJLrjC4RnRS_hEN_ZRvMBBTBLZMOOzqY7VqiX2Ug_b7q3w==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 baseStriker-Office-365-Security-Fails-To-Secure-100-Million-Email-Users-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 7 KB
8 KB 243ms
242ms Image
image/png 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/baseStriker-Office-365-Security-Fails-To-Secure-100-Million-Email-Users-Featured.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

497ef5e6ce4cb859475f843cbf3991f16d408ed47403c5d968b70c3cd6404674

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000
via: 1.1 a7adea6a626ffc779dc26bac2782f042.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-11280371233,FD-11279853394,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YUL62-P2
x-amz-request-id: CM8MH2DW0X7GRQ01
x-amz-version-id: G5ELs3jKBLJmOK8DWOt6WhtX3JSMSxSz
edge-cache-tag: F-11280371233,FD-11279853394,P-1835778,FLS-ALL
cache-tag: F-11280371233,FD-11279853394,P-1835778,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 7128
x-amz-id-2: VuXgqy301TpsOYyMpRBh3xx864Tl5bDfd1fmQyD0eUwNWoH8LSOgGttasd85wOiiUB+1RQBLobQCDA2APalJp0vMEBJMtZ0LXE+JRGYO8O8=
last-modified: Mon, 15 Jul 2019 15:25:56 GMT
server: cloudflare
etag: "fc3f83b4e407e381c43aab80d24ea1d4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W8AHHbJTtAWpMDxXXwwzLZqnQ6VGzGjeLkZuyEMJiW62OYzZOT3lHusy3cgA13K9RGtM0pQfd5FNABZBnAv81DXU1C6vB2g4qz8OFlBbgGjJozWRIRTEB9VNOh85fy22"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 884441e75e8eab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: VVXh5O-B8TGV-O9GWUcK3sXK1cWoizeFmjJy9RsxlS6O58eedhNDrw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 Widespread-Attack-on-Office-365-Corporate-Users-with-Zero-day-Ransomware-Virus-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 10 KB
11 KB 275ms
273ms Image
image/png 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/Widespread-Attack-on-Office-365-Corporate-Users-with-Zero-day-Ransomware-Virus-Featured.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

edb06075992908075437d1712e9eb65c0fe1bbaa745ceb94e1a9f7c9f1b5e6e7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000
via: 1.1 7d7c52d1848969f2077d9502aa06f40e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-11280052410,FD-11279853394,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YUL62-P2
x-amz-request-id: GKRYS4R8W3HHNCXX
x-amz-version-id: 2lJpL73VoPYJGYmEK4csso3aWzFV5e03
edge-cache-tag: F-11280052410,FD-11279853394,P-1835778,FLS-ALL
cache-tag: F-11280052410,FD-11279853394,P-1835778,FLS-ALL
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 9877
x-amz-id-2: rlkZrBs69lADqvbdGosblx8jj/pUnl/z9h09A0I4x/aQfB0QSbAf69AiWF1XLlREe1FSrM0MZmg=
last-modified: Mon, 15 Jul 2019 15:28:27 GMT
server: cloudflare
etag: "548590285b53aff019e25f9f13cb06ea"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kLe1hDseGoKeXvB5Lqi8bnyr50clQZ%2BlfLvDGAes3nxkTGqfGYR6HudpzO5qpqi1lPad1xToA21n48F0uqq0KU%2FfWaxsqzYrGYj2guEYw9ftzR1qDwQaK722lblbJ%2FRg"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 884441e75e92ab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: LwtlzA2CA29kTGZCVGuepzNTcMrJCFc5qfLXjVE6_4gNhXIMx56UTg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 47 KB
17 KB 106ms
37ms Script
application/javascript 23.218.217.183
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.218.217.183 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-218-217-183.deploy.static.akamaitechnologies.com

Software

Resource Hash

899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 May 2024 17:20:18 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=14730
accept-ranges: bytes
content-length: 16683

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 68 B
306 B 81ms
41ms XHR
application/json 172.64.155.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.155.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
accept: application/json
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 884441e88a72aab9-YYZ
access-control-allow-headers: Content-Type

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1715787951408&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520P...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1715787951408&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520P...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D110528%26time%3D1715787951408%26url%3Dhttps%253A%252F%252Fwww.avanan.com%252Fblog...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1715787951408&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520P...

0
163 B

64ms
63ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1715787951408&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 625548D5647D45B689605A4840D21628 Ref B: YTO01EDGE0813 Ref C: 2024-05-15T15:45:51Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYYgANf7JxGW2MPUvUvhA==

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
date: Wed, 15 May 2024 15:45:51 GMT
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAYYgANeRnHdRZHjQX0BEA==
pragma: no-cache
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: C3F9B21DBF684B7A9A657AA45DCD4FB5 Ref B: YTO01EDGE0813 Ref C: 2024-05-15T15:45:51Z
x-frame-options: sameorigin
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1715787951408&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202308.2.0/ 421 KB
101 KB 30ms
29ms Script
application/javascript 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee39d0cbc9e9cd88b7dac8ebca680b89e8879081f855152f21772c7834474437

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 May 2024 15:45:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: B7RJGeSCnZZuAb1NQkB81w==
age: 3073
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 103637
x-ms-lease-status: unlocked
last-modified: Wed, 20 Sep 2023 06:26:02 GMT
server: cloudflare
etag: 0x8DBB9A2763B37CA
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 370b2d5d-e01e-0045-3ee5-1dec60000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 884441e8ceedab08-YYZ

GET
H/1.1 200
OK button.856debeac157d9669cf51e73a08fbc93.js Show response
platform.twitter.com/js/ 8 KB
3 KB 33ms
33ms Script
application/javascript 72.21.91.66
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.856debeac157d9669cf51e73a08fbc93.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.21.91.66 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (cha/80E2) /
Resource Hash: 426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 15 May 2024 15:45:51 GMT
Content-Encoding: gzip
Age: 4433839
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2620
Last-Modified: Mon, 11 Dec 2023 17:19:47 GMT
Server: ECS (cha/80E2)
Etag: "fdf02dd038ed38dbf3c240d56262af0c+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/52127f8b-58c8-43a1-aff0-3c29a26e76d8-test/9995d05d-866d-4909-81dd-446d69a173ac/ 95 KB
20 KB 119ms
118ms Fetch
application/x-javascript 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/52127f8b-58c8-43a1-aff0-3c29a26e76d8-test/9995d05d-866d-4909-81dd-446d69a173ac/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad66b40ac6fb0451baa6f252864ee213eb292767fe47d1cfc08656ba5b64e1c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 May 2024 15:45:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: pCQHbcaD3ojQOlHiOLzeTw==
content-length: 19837
x-ms-lease-status: unlocked
last-modified: Wed, 27 Sep 2023 17:32:56 GMT
server: cloudflare
etag: 0x8DBBF7FC9B25E29
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: a971add2-e01e-00ab-26de-a6967b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 884441e95b2a3739-YYZ

GET
H/1.1 200
OK tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
platform.twitter.com/widgets/ Frame 5909 0
0 32ms
31ms Document
text/html 72.21.91.66
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.21.91.66 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (cha/8095) /
Resource Hash

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 4433853
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 12332
Content-Type: text/html; charset=utf-8
Date: Wed, 15 May 2024 15:45:51 GMT
Etag: "e29e65db7bf0a096587728e1faacfd9c+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:48 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (cha/8095)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
platform.twitter.com/widgets/ Frame 02F1 0
0 31ms
31ms Document
text/html 72.21.91.66
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.21.91.66 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (cha/8095) /
Resource Hash

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 4433853
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 12332
Content-Type: text/html; charset=utf-8
Date: Wed, 15 May 2024 15:45:51 GMT
Etag: "e29e65db7bf0a096587728e1faacfd9c+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:48 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (cha/8095)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
292 B 175ms
61ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22AvananSecurity%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1715787951627%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=39c306297f51fd019831e8d7575f39aee4c9d3ae

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 6
date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=631138519
last-modified: Wed, 15 May 2024 15:45:51 GMT
server: tsa_b
vary: Origin
content-type: image/gif
x-transaction-id: abdd088f44ddf622
cache-control: must-revalidate, max-age=600
perf: 7402827104
x-connection-hash: 97609c18ae5a0dcd65a8e6ceb306afeed6a83733f4ff71663491a27f3fb46373
content-length: 43

GET
H3

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G111&gcu=1&gcd=13r3r3r3r5&rnd=2137608253.1715787951&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread&dma=0&npa=0&gtm=45He45d0n715...
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcu=1&gcd=13r3r3r3r5&rnd=2137608253.1715787951&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread&dma=0&npa=0&gtm...

42 B
65 B

121ms
47ms

Ping
image/gif

172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcu=1&gcd=13r3r3r3r5&rnd=2137608253.1715787951&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread&dma=0&npa=0&gtm=45He45d0n715JCRGPv6871859za200&auid=2078681402.1715787952

Requested by

Protocol

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:51 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:51 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcu=1&gcd=13r3r3r3r5&rnd=2137608253.1715787951&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread&dma=0&npa=0&gtm=45He45d0n715JCRGPv6871859za200&auid=2078681402.1715787952
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otFloatingRounded.json Show response
cdn.cookielaw.org/scripttemplates/202308.2.0/assets/ 10 KB
3 KB 42ms
41ms Fetch
application/json 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202308.2.0/assets/otFloatingRounded.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef072b9ae1b3c29f94781c86bcdfdb71c1e06bbc7a2f05bc65dcfa2eefdde02c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 May 2024 15:45:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: JBYz6y0YLdPMjkmPCHT4iQ==
age: 72192
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2644
x-ms-lease-status: unlocked
last-modified: Wed, 20 Sep 2023 06:25:55 GMT
server: cloudflare
etag: 0x8DBB9A271F46AFD
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 46a37fad-f01e-002b-1d58-79b94f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 884441ea7c793739-YYZ

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202308.2.0/assets/v2/ 62 KB
13 KB 35ms
34ms Fetch
application/json 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202308.2.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b0a210e89ac35b54a9b4ccb0336ea91c561e6dc5f8bda49574da98d40799c6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 May 2024 15:45:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 3yHA5F3oKJDlMPXEHc+wYA==
age: 82018
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12708
x-ms-lease-status: unlocked
last-modified: Wed, 20 Sep 2023 06:25:57 GMT
server: cloudflare
etag: 0x8DBB9A2735C2A8F
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 39a674ab-b01e-0074-38d1-9bc72f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 884441ea7c7c3739-YYZ

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202308.2.0/assets/ 21 KB
4 KB 32ms
31ms Fetch
text/css 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202308.2.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: c7xAZ9MSGAobGaTYg/Qtag==
age: 72192
x-ms-lease-status: unlocked
last-modified: Wed, 20 Sep 2023 06:26:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 9a2973ee-e01e-007a-0e67-7924c3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 884441ea7c7f3739-YYZ

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 309 KB
102 KB 54ms
52ms Script
application/javascript 142.251.111.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-48VXKGDGCV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.111.97 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

a466bdd4124e2463ce30ee35733e78f0e983cf335ae1a754a6bab723376f8c9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 104262
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 15 May 2024 15:45:51 GMT

GET
H2 200 e1efa08e-e135-4766-9e10-b54f0663900a.js Show response
j.6sc.co/j/ 4 KB
2 KB 119ms
42ms Script
application/javascript 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/e1efa08e-e135-4766-9e10-b54f0663900a.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-73.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: fe1d77182f48fdeb7d27527565f4c8d2b598af1077cbc5aa5add9fa6adc10245

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: pW4IebgOIKuZbCmTyEksxeIapWQKxcdM
content-encoding: gzip
date: Wed, 15 May 2024 15:45:51 GMT
x-amz-cf-pop: IAD50-C2
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 1178
pragma: no-cache
last-modified: Fri, 19 May 2023 18:18:46 GMT
server: AmazonS3
etag: "6034df01e873fa0ea3a670daa3807be5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-amz-cf-id: hLrNVU4TA1xlVQyF9-BnrIyqAEMOUSDsBfsagyomthBFpy7s_NM7MA==
expires: Wed, 15 May 2024 15:45:51 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 47 KB
0 0ms
0ms Script
application/javascript 23.218.217.183
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.218.217.183 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-218-217-183.deploy.static.akamaitechnologies.com

Software

Resource Hash

899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 May 2024 17:20:18 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=14730
accept-ranges: bytes
content-length: 16683

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 120ms
49ms Script
application/javascript 13.107.21.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.21.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 15 May 2024 15:45:50 GMT
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4E7D7F68EF86492C8883E362F38CB512 Ref B: YTO01EDGE0810 Ref C: 2024-05-15T15:45:51Z
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13261

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 229 KB
82 KB 51ms
51ms Script
application/javascript 142.251.111.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-881234066&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.111.97 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

8925dcebe675f80e0d8aa3f5ce2eaac3bd94d251edb40ddedabd74c5d1cfbeeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 83871
x-xss-protection: 0
last-modified: Wed, 15 May 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 15 May 2024 15:45:51 GMT

GET
H2 200 hotjar-2523353.js Show response
static.hotjar.com/c/ 9 KB
4 KB 130ms
36ms Script
application/javascript 18.160.41.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2523353.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.160.41.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-160-41-49.iad55.r.cloudfront.net

Software

Resource Hash

255ca75c18fc3a2a68709668d2affadd648586c97c568b0779a8c2187e542fe3

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Wed, 15 May 2024 15:44:52 GMT
via: 1.1 ebd7b246dc1b8bef0a7a10752563dc62.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD55-P1
age: 59
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/a2889b4bf086cb1ddf2bc684ffc5b9f5
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: xjHKCffRQy7_MX6YC8gKDXji0Qo2Rzzwq5Cvb6GjmmTL_MiostBgtQ==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 218 KB
57 KB 37ms
35ms Script
application/x-javascript 31.13.66.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-iad3.fbcdn.net

Software

Resource Hash

e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 15 May 2024 15:45:51 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57845
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=17, rtx=0, c=21, mss=1380, tbw=6591, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: uZ+LQDnaPIDifjYuiFM+LbWGTISvcg0dWbWjFVW2fHAmw3D10tkcNFnk60HHpenbrM/UNR6zqt2UXiTKL0Yp0w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 w.js Show response
d10lpsik1i8c69.cloudfront.net/ 5 KB
3 KB 119ms
34ms Script
application/javascript 18.160.0.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/MVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95jsWP6lZ3mBW5rL_wg2GsBh3W6Dg8ZF8QkBNFW7dmS761j9y_GW8lsm7q87kR3gN4gMwrCFxmX7W26Lwwq90T6L2W7ZsKnW7q0J6rW8-sctt7sfVvsW47Vlhk190LR6W7XKRHW6Z4nSGW1r253J5L64JhW3zDmFz8_pxSMW6KfDlY48KwtpW5Sw79P4k0tyNW8LQnz836rqpgW7hqd5L4CXr96W1YRfJM4Nw9NsW5zj_Cv5tSfF4VSS0Gp642fD8W6398R34sqd-kW2xgY-G2CYvrpW6G67P31vh9-nW1rMLcz3fPJcSW3BKpwD5jmjZ0W9hVRgp4mMkNcW2yFvyj7fH6qWMBzhjc5ls5zW3qQ7zH2S3N6YW253Y0V87rNVjW8_n3-j5KCK4ndt3WRC04
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.0.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-0-29.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6cb6821219dae9fa9a21519d86d7ec7acaf0c4dd61463eb336eb92964feebef3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 14:46:27 GMT
content-encoding: gzip
via: 1.1 9dc566ff42777d2cad8483451738f334.cloudfront.net (CloudFront)
last-modified: Thu, 25 Jan 2024 18:19:40 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
age: 3565
etag: W/"e31293f40e8a324de552ff593ee76a9b"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: dCSt3AgFQaiT6rAoRPJH62NQwqE8e3UGrZkaaGIBuFeOK4Xttc61wA==

GET tbw_analytics_v1.0.js
d26x5ounzdjojj.cloudfront.net/tbw/ 0
0

GET
H3 200 capterra_tracker.js Show response
ct.capterra.com/ 29 B
680 B 136ms
98ms Script
text/javascript 104.18.16.169
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.capterra.com/capterra_tracker.js?vid=2117953&vkey=f73241bb49d31b9ed492b4202bbe1244

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.16.169 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b521cf21eb734ff6b687aef8f56b3ab1be44709262716e6817b1898bbc2b986d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-bot-score: 84
x-permitted-cross-domain-policies: none
x-j3-hash: bf2e503cfaa8d03a533fd1720c760590
x-js-detection-passed: false
alt-svc: h3=":443"; ma=86400
content-length: 29
x-xss-protection: 1; mode=block
x-request-id: d41b407d-585c-40d3-9c31-5287c2b45799
x-runtime: 0.009860
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"b521cf21eb734ff6b687aef8f56b3ab1"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate
cf-ray: 884441eadc28abb1-YYZ

GET
H2 200 tracker Show response
www.influ2.com/ 5 KB
2 KB 82ms
43ms Script
application/javascript 34.107.254.219
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.influ2.com/tracker?clid=94f01642-c25e-4c39-b6b1-8eb7959ff1af

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.254.219 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

219.254.107.34.bc.googleusercontent.com

Software

Resource Hash

1cebdabb8b93d36dc52cda86ff6cdb3a2a59562512218d4dc5d0875551c683ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubdomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 15 May 2024 15:45:51 GMT
via: 1.1 google
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 89ms
43ms Script
text/javascript 172.64.151.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.techtarget.com/tracking.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.151.60 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
age: 33510
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 884441eafddc39f0-YYZ
expires: Wed, 15 May 2024 16:05:51 GMT

GET t.js
vidassets.terminus.services/f3f76756-1d1f-4392-b34d-e3ac799fbf5d/ 0
0

GET
H2 200 4393.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 147ms
99ms Script
text/javascript 104.18.43.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/4393.js?p=https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation&e=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.31 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 721cb72b-e898-4456-ab64-0dad5db9fae1
x-runtime: 0.018525
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 884441eb2f9239e4-YYZ

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
197 B 62ms
62ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:51 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 12575ADBB713429681C3E0F9C45A7FC9 Ref B: YTO01EDGE0813 Ref C: 2024-05-15T15:45:51Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://www.avanan.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYYgANgoXBSIFZoAN0hLA==

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
599 B 34ms
32ms Image
image/svg+xml 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 1722
x-ms-lease-status: unlocked
last-modified: Wed, 15 May 2024 02:30:50 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: e687de37-701e-0087-3277-a61446000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 884441ead9adab08-YYZ

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
494 B 34ms
34ms Fetch
image/svg+xml 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 72996
x-ms-lease-status: unlocked
last-modified: Tue, 14 May 2024 15:26:37 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 65ec346b-f01e-0015-1f16-a683f0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 884441eadcfc3739-YYZ

GET
H2 200 privacy-center.png
cdn.cookielaw.org/logos/47e3c59c-0525-4547-bb04-4b39430f40a8/ab35f60a-5fe3-425a-8fd3-54a1c7472028/5abbcdb5-e783-4bba-8ec5-526bf2f46f6a/ 1 KB
2 KB 132ms
131ms Image
image/png 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/47e3c59c-0525-4547-bb04-4b39430f40a8/ab35f60a-5fe3-425a-8fd3-54a1c7472028/5abbcdb5-e783-4bba-8ec5-526bf2f46f6a/privacy-center.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cfe2988dd0e1d6bcc63e394d2818003d0a121a5a8de88a6ba8caf91dbc48c96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: HnzIqzk5bF7upvrzwNVyQA==
content-length: 1478
x-ms-lease-status: unlocked
last-modified: Tue, 25 Oct 2022 18:30:06 GMT
server: cloudflare
etag: 0x8DAB6B6F07B96CC
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 818c4d8d-101e-007e-4472-79a9c4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 884441eaf9dbab08-YYZ

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 31ms
30ms Image
image/svg+xml 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 May 2024 15:45:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 3168
x-ms-lease-status: unlocked
last-modified: Tue, 14 May 2024 15:26:38 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: a2a4f317-e01e-0089-4531-a6f84d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 884441eaf9dcab08-YYZ

POST
H2 204 collect
analytics.google.com/g/ 0
254 B 120ms
43ms Ping
text/plain 172.253.62.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-48VXKGDGCV&gtm=45je45d0v881001595z879081916za200&_p=1715787950532&_gaz=1&gcs=G111&gcd=13r3r3r3r5&npa=0&dma=0&cid=2088475095.1715787952&ul=en-ca&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.201%7CGoogle%2520Chrome%3B124.0.6367.201%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&dl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&dp=%2Fblog%2Fteams-attacks-continue-to-spread&sid=1715787951&sct=1&seg=0&dt=Teams%20Attacks%20Continue%20to%20Spread&en=page_view&_fv=1&_nsi=1&_ss=1&ep.host_property=www.avanan.com&ep.page_level1=blog&tfd=1861
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-48VXKGDGCV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.253.62.101 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bc-in-f101.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:51 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.avanan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
245 B 122ms
46ms Ping
text/plain 142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-48VXKGDGCV&cid=2088475095.1715787952&gtm=45je45d0v881001595z879081916za200&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5&npa=0&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-48VXKGDGCV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.111.154 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: bk-in-f154.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:51 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.avanan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 800ms
760ms Image
image/gif 142.251.16.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-48VXKGDGCV&cid=2088475095.1715787952&gtm=45je45d0v881001595z879081916za200&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5&npa=0&frm=0&z=1882713738

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:52 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 1936026250043111 Show response
connect.facebook.net/signals/config/ 57 KB
12 KB 72ms
71ms Script
application/x-javascript 31.13.66.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1936026250043111?v=2.9.156&r=stable&domain=www.avanan.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-iad3.fbcdn.net

Software

Resource Hash

b3b8d6b091f42a65173993cc917c93da698519b1c3949a04c82b49afe0c0bbc8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 15 May 2024 15:45:51 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=33, rtx=0, c=23, mss=1232, tbw=4321, tp=9, tpl=0, uplat=37, ullat=0
pragma: public
x-fb-debug: wlC0+sna4jcQE8eTj7aYvv6HxRGI/wBoPr1LT555g2/9DO/4gcZqfwqqt6vTeCLedpNeGvmQgToE1SyOb8MAHw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/881234066/ 4 KB
2 KB 69ms
53ms Script
text/javascript 172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/881234066/?random=1715787951943&cv=11&fst=1715787951943&bg=ffffff&guid=ON&async=1&gtm=45be45d0v9175590393z879081916za201&gcd=13r3r3r3r5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&hn=www.googleadservices.com&frm=0&tiba=Teams%20Attacks%20Continue%20to%20Spread&npa=0&pscdl=noapi&auid=2078681402.1715787952&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.201%7CGoogle%2520Chrome%3B124.0.6367.201%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-881234066&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

a3afc764c9f3be5107a78709e026aa850c8fdbb077d68933b5cc233ca6bf08d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1663
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/881234066/ 4 KB
2 KB 63ms
48ms Script
text/javascript 172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/881234066/?random=1715787951949&cv=11&fst=1715787951949&bg=ffffff&guid=ON&async=1&gtm=45be45d0v9175590393z879081916za201&gcd=13r3r3r3r5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&hn=www.googleadservices.com&frm=0&tiba=Teams%20Attacks%20Continue%20to%20Spread&npa=0&pscdl=noapi&auid=2078681402.1715787952&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.201%7CGoogle%2520Chrome%3B124.0.6367.201%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-881234066&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

450c1470f12b1372dd158c194cba39f64f262c5481f9b0ac8361420101474da1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1664
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
455 B 59ms
59ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1237514&r=1715787951967&ref=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 1237514
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:52 GMT
via: 1.1 google
x-guploader-uploadid: ABPtcPoowca80CHZ_MOtTSJS_Rb6gZfKRnhjbmUp4NOe1zG_kz4gM-iWEyd9AArtF3fEHXB0D3VL1UGe3Q
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Wed, 15 May 2024 16:45:52 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 90ms
51ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1237514&r=1715787951967&ref=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.avanan.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 15 May 2024 15:45:52 GMT
expires: Wed, 15 May 2024 15:45:52 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ABPtcPoghQ67G7jNdhEo_JM7n-sJAdC5mrSx2EIds9MVtQXQauKWr00DT13CF3UVDiFX9PNL8bfp-ekI4Q

GET
H2 200 6si.min.js Show response
j.6sc.co/ 66 KB
18 KB 33ms
33ms Script
application/javascript 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/e1efa08e-e135-4766-9e10-b54f0663900a.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dc93c5b3243e66c7b2e27c51b76fa6a11bd7a6d7546c5fa26bbffa001f885305

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 09 May 2024 06:01:25 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "663c66b5-106b3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 18038
expires: Wed, 15 May 2024 15:45:51 GMT

GET
H2 200 / Show response
t.influ2.com/u/ 63 B
343 B 99ms
59ms Fetch
text/plain 34.117.110.211
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://t.influ2.com/u/?cb=1715787951969
Requested by: Host: www.influ2.com
URL: https://www.influ2.com/tracker?clid=94f01642-c25e-4c39-b6b1-8eb7959ff1af
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.110.211 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 211.110.117.34.bc.googleusercontent.com
Software: nginx/1.25.5 /
Resource Hash: 1142f1c97358be5d7fbfc9aa54d23dd897846f653826fb01fa0f54ae7b8e9e06

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:52 GMT
via: 1.1 google
server: nginx/1.25.5
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.avanan.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63

GET
H2 200 / Show response
settings.luckyorange.net/ 129 B
741 B 364ms
61ms Fetch
application/json 104.26.11.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://settings.luckyorange.net/?u=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&s=128904

Requested by

Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.11.16 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bfb6389f80ddd586b66a540370f89f40e7eb39d388e8d9410f57caa732dc5cd

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:52 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.avanan.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JooyLAu%2FjaE7YFhSmq5uKMu0cGCd52cfCfqAMWGsgqK4HbyIDG%2B5MrFBNVAGHghrciqSTPhcscFUNo7LHPxUWcCwp0PBjNDpGvim6wO1hN6zcxzK4wJrqLPt1rEZxgO%2BaRlwLsONeHva9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-credentials: true
cf-ray: 884441edcd73ac87-YYZ
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since

GET
H2 200 modules.e5979922753cf3b8b069.js Show response
script.hotjar.com/ 222 KB
55 KB 395ms
49ms Script
application/javascript 99.84.191.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.e5979922753cf3b8b069.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2523353.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.191.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-191-41.iad89.r.cloudfront.net

Software

Resource Hash

0c9367da8b34432f76a9ff9f347fc20129239f9a6b137bed9a830d02f501e89e

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 13:37:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 6c2e384f59feb64a0c739aee7f890066.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C2
age: 94126
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55998
last-modified: Tue, 14 May 2024 13:36:29 GMT
etag: "dabac5cc8e90131b43632bc82895bb8e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: L8D5X7OqhbeHqlKH6qfEUo1ypLzIzKIsUBz_7DxY4kW0PB5tuZ6sJA==

GET
H2 204 25018126.js Show response
bat.bing.com/p/action/ 0
118 B 48ms
47ms Script
text/plain 13.107.21.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25018126.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.21.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Wed, 15 May 2024 15:45:51 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DBE01582162240898CCDEA6EEE3D7467 Ref B: YTO01EDGE0810 Ref C: 2024-05-15T15:45:51Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
361 B 59ms
58ms Image
text/plain 13.107.21.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25018126&tm=gtm002&Ver=2&mid=ab71e83b-eaaa-438d-bdf5-3dbe2ec97f23&sid=35615fd012d211ef9c27871815038e10&vid=356162c012d211ef908b758a1aa2932d&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Teams%20Attacks%20Continue%20to%20Spread&p=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&r=&lt=1098&evt=pageLoad&sv=1&rn=600763

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.107.21.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 15 May 2024 15:45:51 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B0A43E3BBE77446594ADE3186D6733A4 Ref B: YTO01EDGE0810 Ref C: 2024-05-15T15:45:51Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
275 B 1113ms
34ms Image
text/plain 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1936026250043111&ev=PageView&dl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&rl=&if=false&ts=1715787952004&sw=1600&sh=1200&v=2.9.156&r=stable&ec=0&o=4126&fbp=fb.1.1715787952003.940232332&ler=empty&cdl=API_unavailable&it=1715787951919&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=17, rtx=0, c=10, mss=1380, tbw=2764, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 15 May 2024 15:45:53 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
699 B 104ms
34ms XHR
application/json 68.67.160.114
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.114 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:52 GMT
an-x-request-uuid: 1976602f-0b66-4e1c-9932-02a1ae1d223a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.avanan.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 149.88.16.200; 149.88.16.200; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 39ms
33ms XHR
text/html 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-73.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:52 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.avanan.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 4 B
281 B 393ms
64ms XHR
text/html 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-73.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:52 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.avanan.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: null
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1715787952323_400219721_365743205_20_796_15_67_219";dur=1
content-length: 4
expires: Wed, 15 May 2024 15:45:52 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/881234066/ 42 B
64 B 50ms
49ms Image
image/gif 142.251.16.105
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/881234066/?random=1715787951949&cv=11&fst=1715785200000&bg=ffffff&guid=ON&async=1&gtm=45be45d0v9175590393z879081916za201&gcd=13r3r3r3r5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&hn=www.googleadservices.com&frm=0&tiba=Teams%20Attacks%20Continue%20to%20Spread&npa=0&pscdl=noapi&auid=2078681402.1715787952&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.201%7CGoogle%2520Chrome%3B124.0.6367.201%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwB7FLtq6SEppiPqjaVM8LiMfOF8Wlric1lPkg&random=2573247509&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.105 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f105.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:52 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/881234066/ 42 B
64 B 50ms
49ms Image
image/gif 142.251.16.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/881234066/?random=1715787951949&cv=11&fst=1715785200000&bg=ffffff&guid=ON&async=1&gtm=45be45d0v9175590393z879081916za201&gcd=13r3r3r3r5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&hn=www.googleadservices.com&frm=0&tiba=Teams%20Attacks%20Continue%20to%20Spread&npa=0&pscdl=noapi&auid=2078681402.1715787952&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.201%7CGoogle%2520Chrome%3B124.0.6367.201%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwB7FLtq6SEppiPqjaVM8LiMfOF8Wlric1lPkg&random=2573247509&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:52 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/881234066/ 42 B
64 B 52ms
52ms Image
image/gif 142.251.16.105
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/881234066/?random=1715787951943&cv=11&fst=1715785200000&bg=ffffff&guid=ON&async=1&gtm=45be45d0v9175590393z879081916za201&gcd=13r3r3r3r5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&hn=www.googleadservices.com&frm=0&tiba=Teams%20Attacks%20Continue%20to%20Spread&npa=0&pscdl=noapi&auid=2078681402.1715787952&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.201%7CGoogle%2520Chrome%3B124.0.6367.201%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwB7FLtqzZV_8O6PUP3lHRMPQxNLIgNdI7KHHw&random=635518193&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.105 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f105.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:52 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/881234066/ 42 B
64 B 50ms
49ms Image
image/gif 142.251.16.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/881234066/?random=1715787951943&cv=11&fst=1715785200000&bg=ffffff&guid=ON&async=1&gtm=45be45d0v9175590393z879081916za201&gcd=13r3r3r3r5&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&hn=www.googleadservices.com&frm=0&tiba=Teams%20Attacks%20Continue%20to%20Spread&npa=0&pscdl=noapi&auid=2078681402.1715787952&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.201%7CGoogle%2520Chrome%3B124.0.6367.201%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwB7FLtqzZV_8O6PUP3lHRMPQxNLIgNdI7KHHw&random=635518193&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.94 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:52 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 41ms
35ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=af1e717890f3605d16fc823643e05b8c&svisitor=null&visitor=312c9405-94a0-4aea-899b-3822dd4b8045&session=c1af16cd-bd37-49fd-895b-89e9806ee5cd&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2015%20May%202024%2015%3A45%3A52%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Teams%20attacks%20are%20gaining%20in%20popularity.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Teams%20Attacks%20Continue%20to%20Spread%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&pageViewId=3ed4ba20-948f-405c-84c2-f4f1597b3c85&an_uid=0&webTagId=e1efa08e-e135-4766-9e10-b54f0663900a&v=1.1.20

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:52 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 15 May 2024 15:45:52 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 41ms
35ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=af1e717890f3605d16fc823643e05b8c&svisitor=null&visitor=312c9405-94a0-4aea-899b-3822dd4b8045&session=c1af16cd-bd37-49fd-895b-89e9806ee5cd&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22af1e717890f3605d16fc823643e05b8c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2015%20May%202024%2015%3A45%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%2288f41a99bd1fcf8636165556d51c5d9423931073%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2015%20May%202024%2015%3A45%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2015%20May%202024%2015%3A45%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2015%20May%202024%2015%3A45%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%22e1efa08e-e135-4766-9e10-b54f0663900a%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2015%20May%202024%2015%3A45%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2015%20May%202024%2015%3A45%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2015%20May%202024%2015%3A45%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Teams%20attacks%20are%20gaining%20in%20popularity.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Teams%20Attacks%20Continue%20to%20Spread%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&pageViewId=3ed4ba20-948f-405c-84c2-f4f1597b3c85&an_uid=0&webTagId=e1efa08e-e135-4766-9e10-b54f0663900a&v=1.1.20

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:52 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 15 May 2024 15:45:52 GMT

GET
BLOB 200
OK 22d50beb-f82e-4f6c-9f2d-5132c68356e3
https://www.avanan.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.avanan.com/22d50beb-f82e-4f6c-9f2d-5132c68356e3
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 755 B
714 B 366ms
45ms XHR
application/json 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: 3cbadfa4978733bd5be49491780ee3fdcf1255dcfd09ebbaec113c1ddd256c5c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: Token 88f41a99bd1fcf8636165556d51c5d9423931073
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
X-6s-CustomID: WebTag e1efa08e-e135-4766-9e10-b54f0663900a
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
sec-ch-ua-platform: "Win32"

Response headers

x-trace-id: 5965331694533009349
date: Wed, 15 May 2024 15:45:52 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: us-east-1a
access-control-allow-origin: https://www.avanan.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 396

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 130ms
41ms Preflight 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.avanan.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.avanan.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Wed, 15 May 2024 15:45:52 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: us-east-1a
x-trace-id: 7261919977798256680

POST
H2 204 collect
analytics.google.com/g/ 0
45 B 45ms
44ms Ping
text/plain 172.253.62.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-48VXKGDGCV&gtm=45je45d0v881001595z879081916za200&_p=1715787950532&gcs=G111&gcd=13r3r3r3r5&npa=0&dma=0&cid=2088475095.1715787952&ul=en-ca&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.201%7CGoogle%2520Chrome%3B124.0.6367.201%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_s=2&sid=1715787951&sct=1&seg=0&dl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&dt=Teams%20Attacks%20Continue%20to%20Spread&en=6si_data_loaded&ep.e_action=6si_company_details&ep.e_label=6si_data_loaded&_et=805&up.company_name_6s=(Non-company%20Visit)&up.company_domain_6s=&up.industry_6s=&up.employee_range_6s=&up.segments_6s=&up.revenue_range_6s=&up.employee_count_6s=&up.country_6s=United%20States&up.company_segment_ids_6s=&up.company_match_6s=Non-actionable%20Match&up.company_is_blacklisted_6s=false&up.company_is_6qa_6s=false&tfd=2682
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-48VXKGDGCV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.253.62.101 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bc-in-f101.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:52 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.avanan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
259 B 49ms
48ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=af1e717890f3605d16fc823643e05b8c&svisitor=null&visitor=312c9405-94a0-4aea-899b-3822dd4b8045&session=c1af16cd-bd37-49fd-895b-89e9806ee5cd&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20May%202024%2015%3A45%3A53%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20May%202024%2015%3A45%3A52%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Teams%20attacks%20are%20gaining%20in%20popularity.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Teams%20Attacks%20Continue%20to%20Spread%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&pageViewId=3ed4ba20-948f-405c-84c2-f4f1597b3c85&an_uid=0&webTagId=e1efa08e-e135-4766-9e10-b54f0663900a&v=1.1.20

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:53 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 15 May 2024 15:45:53 GMT

GET
H2 200 insent Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ 80 KB
23 KB 141ms
40ms Script
binary/octet-stream 99.84.191.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/insent
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.191.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-191-75.iad89.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: Do3I7W1ZAWXrXjTz8nc5rLMLlRnTeriu
content-encoding: gzip
via: 1.1 3924198dd88678a1cab97875f32b6f20.cloudfront.net (CloudFront)
date: Wed, 15 May 2024 01:12:52 GMT
last-modified: Wed, 18 Oct 2023 08:56:44 GMT
server: AmazonS3
x-amz-cf-pop: IAD89-C2
age: 52382
etag: "6c640d0008fb2a23a0ff942202f8657c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: binary/octet-stream
content-length: 23142
x-amz-cf-id: lYOzCe_ha0MOWbCf7ztgd_bR-SOLkuE-VRwYj9eftAyScsdfec5ucw==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
573 B 78ms
75ms Image
image/gif 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-ca&bfp=839036836&v=1.1&a=1835778&pi=123632260951&ct=blog-post&ccu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread&cpi=123632260951&cgi=4153530738&lpi=123632260951&lvi=123632260951&lvc=en-us&pu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&t=Teams+Attacks+Continue+to+Spread&cts=1715787953138&vi=93a309a239f4698784456c2ded61e038&nc=true&u=23485541.93a309a239f4698784456c2ded61e038.1715787953132.1715787953132.1715787953132.1&b=23485541.1.1715787953133&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5b436083-d8c6-4ee9-a37b-dc672f4d2b84
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5b436083-d8c6-4ee9-a37b-dc672f4d2b84
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ydb48zaLhdaMTcd3wyTq6e8y74R6KJPneUM6MUJHlwDPpbZJ6qxGRmfLdD6vOzlFK2c2cCZytsybkXMEqHbl2B2AHiuPrlY3OYiWqZ4MMeIXlPcEFamUgEyznw%2F94mRJBIEh"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-hch7x
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 884441f33bc236c2-YYZ
x-robots-tag: none

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
580 B 62ms
60ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 16fcf35b-440b-4f04-bc00-4adbb0431bcd
x-envoy-upstream-service-time: 9
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 16fcf35b-440b-4f04-bc00-4adbb0431bcd
last-modified: Wed, 15 May 2024 15:45:53 GMT
server: cloudflare
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-rbtjd
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 884441f33a69ab10-YYZ

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
510 B 79ms
77ms Image
image/gif 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22c953fa87-efa0-494e-9947-98ffe764fcd8%22%2C%22456f8fc2-2a2d-451b-be42-2ab5d22687fa%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-ca&bfp=839036836&v=1.1&a=1835778&pi=123632260951&ct=blog-post&ccu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread&cpi=123632260951&cgi=4153530738&lpi=123632260951&lvi=123632260951&lvc=en-us&pu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&t=Teams+Attacks+Continue+to+Spread&cts=1715787953147&vi=93a309a239f4698784456c2ded61e038&nc=true&u=23485541.93a309a239f4698784456c2ded61e038.1715787953132.1715787953132.1715787953132.1&b=23485541.1.1715787953133&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c766adb2-969e-4ab6-afcd-0d427925aa44
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c766adb2-969e-4ab6-afcd-0d427925aa44
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nynvBXM7F%2Fl2UU%2BQYupMi9Ol5Gqcl3sGtxRIWCRtZjI%2B4T40XcOTHqKPcS2zP8Dz9UFoJlBL3%2FzNaa0XJMblvpXoiEAPTs0NLS899vT8fuMIE9rArsVa7Ber4i%2Bwt8qlEBDM"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-hch7x
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 884441f33bbf36c2-YYZ
x-robots-tag: none

GET
H2 200 share_button.php
www.facebook.com/v3.0/plugins/ Frame 1AC5 0
0 237ms
168ms Document
text/html 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v3.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dff6383421cb95478e%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ffcbc6d848d6baf57e%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=19d11083138e44f7e74bfb70c922a4ad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: zstd
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
cross-origin-resource-policy: cross-origin
date: Wed, 15 May 2024 15:45:53 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v13.0
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma: no-cache
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=19, rtx=0, c=10, mss=1380, tbw=19431, tp=-1, tpl=-1, uplat=118, ullat=0
x-fb-debug: ed9xnx1ertJb62/MWWbENw3Rfse5xaD64BQaiBCRPUmds611KJ9GwlCcQnfk0PR5vgSZro9KEd9jrAi1k+LIrA==
x-xss-protection: 0

GET
H2 200 share_button.php
www.facebook.com/v3.0/plugins/ Frame 0D0A 0
0 213ms
149ms Document
text/html 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v3.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2c92382dd7d63b47%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ffcbc6d848d6baf57e%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=19d11083138e44f7e74bfb70c922a4ad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: zstd
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
cross-origin-resource-policy: cross-origin
date: Wed, 15 May 2024 15:45:53 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v13.0
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma: no-cache
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=19, rtx=0, c=10, mss=1380, tbw=2779, tp=-1, tpl=-1, uplat=114, ullat=0
x-fb-debug: QBwNn0GyiThspZ0+AmL9wQFnnz2fbLLy2u6nNmtlNfWlfM1aOxydDjiVn+Z1SJIitRNLUIO/EipHKx1crNdsZg==
x-xss-protection: 0

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 3 KB
3 KB 160ms
114ms XHR
application/json 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=1835778&utk=93a309a239f4698784456c2ded61e038&__hstc=23485541.93a309a239f4698784456c2ded61e038.1715787953132.1715787953132.1715787953132.1&__hssc=23485541.1.1715787953133&contentId=123632260951&currentUrl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f814d810728681ee9db28c180783ce4fdd358d611a379f50c1c1a9fa3cf50d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 63d436c5-65fa-4061-8789-68ec0b483fd7
content-encoding: br
x-envoy-upstream-service-time: 55
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 63d436c5-65fa-4061-8789-68ec0b483fd7
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.avanan.com
x-evy-trace-virtual-host: all
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-9fd6b4b-jbmqh
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ALhWCimEbBshNzSmmV19Ij3bkSDC30GlJQEU9qhLLS3V28d98eviH0xsxIqE%2BKQGDRN3SeeiVwPxeNac1%2B7px0mltnYW4dNI3GJEZxEX3T6jYCBjrd58ZqQtYDc9PLnCi%2BG"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 884441f3dc7eaaaa-YYZ

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
452 B 74ms
73ms Image
image/gif 104.16.118.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=9862d401-d68f-4977-9e32-b0849cab6384&lfi=4974344&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-ca&bfp=839036836&v=1.1&a=1835778&pi=123632260951&ct=blog-post&ccu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread&cpi=123632260951&cgi=4153530738&lpi=123632260951&lvi=123632260951&lvc=en-us&pu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&t=Teams+Attacks+Continue+to+Spread&cts=1715787953365&vi=93a309a239f4698784456c2ded61e038&nc=true&u=23485541.93a309a239f4698784456c2ded61e038.1715787953132.1715787953132.1715787953132.1&b=23485541.1.1715787953133&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.118.116 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 15 May 2024 15:45:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e013c449-760a-4e6c-af3e-c438f9c11659
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 12
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e013c449-760a-4e6c-af3e-c438f9c11659
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YtfNC3uzFFIJm68hq9YJZlPq0Fx5xy9hvkgGh0TBMy7kmVHf7Jwye0HiujCM8S8BVhcdK%2BSYQlbtp%2FOXgQlYAh7f2kZnE%2F0tyQNY%2BE6w7ehyvX6VI%2BRwzcZ3001rXbRnvAwY"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-fn8tt
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 884441f49d5036c2-YYZ
x-robots-tag: none

GET
H2 200 /
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ Frame D67B 0
0 100ms
35ms Document
text/html 99.84.191.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&event_listener=MXnk25RsQSNASdk&hubspot_cookies=[%2293a309a239f4698784456c2ded61e038%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/insent
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.191.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-191-13.iad89.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 18168531
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html
date: Wed, 18 Oct 2023 08:57:03 GMT
etag: W/"cea936b357d0fefbe67f396ac27ecc71"
last-modified: Wed, 18 Oct 2023 08:56:50 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 b051e9c33308597b659c33b8999b521c.cloudfront.net (CloudFront)
x-amz-cf-id: Ro-cYbzF6FBitnBdhge0cGL_QW7fVWZUcoK4-r2tNdyuD2pmMt7pKA==
x-amz-cf-pop: IAD89-C2
x-amz-version-id: wf2lJ.cKt7e1wlMSlpAOAV_K1ZPwVE5q
x-cache: Error from cloudfront

GET
H3 200 favicon-pink.png
www.avanan.com/hubfs/website/img/logos/ 12 KB
14 KB 54ms
52ms Other
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/img/logos/favicon-pink.png

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5854b710ec238cef8971f60166d132b6149306ee310f60777821aa8d0bffce1d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-57085483791,FD-10543998406,P-1835778,FLS-ALL
age: 59340
x-amz-request-id: 7GG9ZY1WGD406G3K
x-amz-server-side-encryption: AES256
edge-cache-tag: F-57085483791,FD-10543998406,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="favicon-pink.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "40ea46592b60b620475f6cdfbd9aa9d8"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1633723195968
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 c823350775ceb593355f2c0ee7cd3b2a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: hgBkXrrhfw1PEpTbjEoqVO3sp2F_PxRR
x-amz-cf-pop: YUL62-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=28544
x-cache: RefreshHit from cloudfront
cache-tag: F-57085483791,FD-10543998406,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
content-length: 12620
x-amz-id-2: esgteEtcRuKx8Xw0UpF1AK0dyxfJ8OmrsFUvQ0HEL/7tEfqAaeqg19eMSHY+jGtu9aZHtmb1sgQ=
last-modified: Fri, 08 Oct 2021 19:59:57 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lMWKRNDrGz5UVRVXwTbzmsyx9Owkqr4ALzu5zOu9HIAKxwyABNhq%2BLrYOy313wbaM89AlYm79NOFXzN%2BXBYVZNiSju4gU7e1F5nI1fbPo473sE2%2BhYMbSOvuUvCMpM5f"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 884441f7093fab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: hOuDxPtyLwXkW0fO08hz233xzKUYrYSICadncugg0OdnkmPejKNquw==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
260 B 35ms
35ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=af1e717890f3605d16fc823643e05b8c&svisitor=null&visitor=312c9405-94a0-4aea-899b-3822dd4b8045&session=c1af16cd-bd37-49fd-895b-89e9806ee5cd&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20May%202024%2015%3A45%3A54%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20May%202024%2015%3A45%3A53%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Teams%20attacks%20are%20gaining%20in%20popularity.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Teams%20Attacks%20Continue%20to%20Spread%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&pageViewId=3ed4ba20-948f-405c-84c2-f4f1597b3c85&an_uid=0&webTagId=e1efa08e-e135-4766-9e10-b54f0663900a&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:54 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 15 May 2024 15:45:54 GMT

GET
H3 200 blog-subscription-laptop-icon-2.png
www.avanan.com/hubfs/website/img/blog/ 208 KB
209 KB 230ms
230ms Image
image/png 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/blog-subscription-laptop-icon-2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d263c0e9f2ab7fc6adc0d2fd9ae3553dd30e4b4bcf4754e6a56f434823697386

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-110679711133,FD-11279827778,P-1835778,FLS-ALL
x-amz-request-id: JG90RH1ZPFNWH89Q
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110679711133,FD-11279827778,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "8d71f834d25a82123bd27e64ec06b767"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681321816755
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 15 May 2024 15:45:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 4698560343897987b5ef826f71e0fcb0.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: eGk4cuTrlwYommw7ReeuO26P_osPr7sE
x-amz-cf-pop: YUL62-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110679711133,FD-11279827778,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 212633
x-amz-id-2: DR3KDz4U4CMnLrxi9Jx3NVxXe1BOBVAueoaIziu8UQkDJgMAsgy3oG4vckfytYbKNJvFLXN+Bas=
last-modified: Wed, 12 Apr 2023 17:50:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ieXd9ew8KKUISD%2Ffj39%2B%2FtnmuEoKDJbsqavJrUCm7O4%2FJRwVhuKIFgcXIpQ%2FM9agc%2FBO0V24WNawvA6M8UqwNclNuWX3Df4TZWc4I5xkM1CFwdboqr75FNzXub%2Fc5jke"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 884441fade7dab69-YYZ
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: iPmQBmNK3vCWm6mnNq2JR2bJf_SCk7a-P0sZ8bcScIwwUXOGJXrWVA==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
260 B 58ms
57ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=af1e717890f3605d16fc823643e05b8c&svisitor=null&visitor=312c9405-94a0-4aea-899b-3822dd4b8045&session=c1af16cd-bd37-49fd-895b-89e9806ee5cd&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20May%202024%2015%3A45%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20May%202024%2015%3A45%3A54%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Teams%20attacks%20are%20gaining%20in%20popularity.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Teams%20Attacks%20Continue%20to%20Spread%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&pageViewId=3ed4ba20-948f-405c-84c2-f4f1597b3c85&an_uid=0&webTagId=e1efa08e-e135-4766-9e10-b54f0663900a&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:55 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 15 May 2024 15:45:55 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
259 B 36ms
35ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=af1e717890f3605d16fc823643e05b8c&svisitor=null&visitor=312c9405-94a0-4aea-899b-3822dd4b8045&session=c1af16cd-bd37-49fd-895b-89e9806ee5cd&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20May%202024%2015%3A45%3A56%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20May%202024%2015%3A45%3A55%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%224008%22%7D&isIframe=false&m=%7B%22description%22%3A%22Teams%20attacks%20are%20gaining%20in%20popularity.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Teams%20Attacks%20Continue%20to%20Spread%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&pageViewId=3ed4ba20-948f-405c-84c2-f4f1597b3c85&an_uid=0&webTagId=e1efa08e-e135-4766-9e10-b54f0663900a&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:56 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 15 May 2024 15:45:56 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
260 B 39ms
38ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=af1e717890f3605d16fc823643e05b8c&svisitor=null&visitor=312c9405-94a0-4aea-899b-3822dd4b8045&session=c1af16cd-bd37-49fd-895b-89e9806ee5cd&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20May%202024%2015%3A45%3A57%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20May%202024%2015%3A45%3A56%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%225010%22%7D&isIframe=false&m=%7B%22description%22%3A%22Teams%20attacks%20are%20gaining%20in%20popularity.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Teams%20Attacks%20Continue%20to%20Spread%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&pageViewId=3ed4ba20-948f-405c-84c2-f4f1597b3c85&an_uid=0&webTagId=e1efa08e-e135-4766-9e10-b54f0663900a&v=1.1.20

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 15 May 2024 15:45:57 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 15 May 2024 15:45:57 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: d26x5ounzdjojj.cloudfront.net
URL: https://d26x5ounzdjojj.cloudfront.net/tbw/tbw_analytics_v1.0.js?8

Domain: vidassets.terminus.services
URL: https://vidassets.terminus.services/f3f76756-1d1f-4392-b34d-e3ac799fbf5d/t.js

Verdicts & Comments Add Verdict or Comment

172 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

41 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.avanan.com/	1970-01-20 20:36:29	Name: __cf_bm Value: BYrLrXZwVWTeuBDZ2pFtVuVbV0uD1femKncvxM0K1zk-1715787949-1.0.1.1-bxXHtCNxVRZ6VrGRKPIvaP2K3PRqltqF9FkTvnjZl244oYggxJ2Zg6Q7EvjhP8T8hCJwSj0efaEVh2kZL9LW6w
.www.avanan.com/	1969-12-31 23:59:59	Name: __cfruid Value: 45297f53065a0d429e3e86caa9d09b7499741d1d-1715787949
.hubspot.com/	1970-01-20 20:36:29	Name: __cf_bm Value: YNs7VvbiYiQv09p783kJxmEtA8PWegVjge8EoFrs0cc-1715787950-1.0.1.1-6FLidsuqaOX2mhLzPdFt5REZMIqB6YXQhvY7MVs83lnxqSvKRyPzKn2JQ.U6mHhdzzUyI5OsdOgc8kdzkWv_PQ
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: ylUqBKrKSNA9px7fKh7Va3EG1PKfCI3DMtr5bHHL5_g-1715787950791-0.0.1.1-604800000
.gartner.com/	1970-01-20 20:36:29	Name: __cf_bm Value: HYRNzB5Fc4jQ_36j5gaK70s1ZJwly2zIexkUJsak1zY-1715787950-1.0.1.1-Q2DiPpTYk13azUqyQSui5WwQhAzigHTFei3wt0BPw9mtBlo03NZLGC2Y0JG1_Q2aKu.Lnv8_fFOzRPeHq7rhAw
.gartner.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 0Pdb1GM1Kdsz6302EfDsCIz8YjNpoVAfIDda_fakJbI-1715787950971-0.0.1.1-604800000
.avanan.com/	1970-01-21 05:22:03	Name: _lfa Value: LF1.1.1b5fd166034febd8.1715787951064
.gartner.com/	1970-01-21 05:22:03	Name: cf_clearance Value: ozdzsO9T6uYHRUV89rea8gFmerJxFp9WbEbocZiq10U-1715787951-1.0.1.1-vMksxDoCLEnQkVcra8NYJFhIFgzBYO38UszWxysM_xOD_sC2Yv1NljTxm5nQ7uYQs1Wmz3LkWY1mSjyzEcUMLw
.hsforms.com/	1970-01-20 20:36:29	Name: __cf_bm Value: lGTqwhDBOR1iAaEmMkf3I57CPfvJ25Cq7BffjMiOUVU-1715787951-1.0.1.1-RKy1PvjhRx0SzgYjDXUlN7pgdB9UzYh4yCQ.wcYyoCLI_Dhqq6iFz__T34efZiBzAwotgHZL4ciV73PKS3uNhw
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: WKD2qsaDT5X_GFFB54eWAaW5Wt5pjcLU3jIyPqk0Ctg-1715787951304-0.0.1.1-604800000
.linkedin.com/	1970-01-20 22:46:03	Name: li_sugr Value: 9cb7e2d2-d54c-4d88-9e22-f180f2105674
.linkedin.com/	1970-01-21 05:22:03	Name: bcookie Value: "v=2&b5093fae-c89b-484c-8eec-9a2f092051e2"
.linkedin.com/	1970-01-20 20:37:54	Name: lidc Value: "b=VGST05:s=V:r=V:a=V:p=V:g=3094:u=1:x=1:i=1715787951:t=1715874351:v=2:sig=AQFYFVPDFCh59nnBA_WsxOacuFn09s54"
.linkedin.com/	1970-01-20 21:19:39	Name: UserMatchHistory Value: AQK11K-U1CfZBQAAAY987m3W_glh2iK0ecM75SFIN4vATTLahYCM0l17RxvaFdqxtMRrEtNicEerfA
.linkedin.com/	1970-01-20 21:19:39	Name: AnalyticsSyncHistory Value: AQJ6F8ZENi2Z6wAAAY987m3Wvr-1IN0sDZtUaOEqVi61sJudNqLsGQzcGIJgAXn15F82zXVxZdueP3h-x6F-Tw
.www.linkedin.com/	1970-01-21 05:22:03	Name: bscookie Value: "v=1&202405151545510be7b8e7-0798-4a22-84e9-5eb548ce339fAQEYosl7uGwKlA_YSfGWMR04jwHR0rgf"
.avanan.com/	1970-01-20 22:46:03	Name: _gcl_au Value: 1.1.2078681402.1715787952
www.avanan.com/	1970-01-21 06:12:27	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Wed+May+15+2024+08%3A45%3A51+GMT-0700+(Pacific+Daylight+Saving+Time)&version=202308.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=52ab78af-ed33-4276-a843-22799d58a86a&interactionCount=0&landingPath=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1
.techtarget.com/	1970-01-20 20:36:29	Name: __cf_bm Value: _rK2PEaSLPgb4Pze.qdV_DnyYiGx1n94pIyH6QrXgMg-1715787951-1.0.1.1-U43N7uJ2kzYHKc9LLBr2y6L4.2XCtimm4fpQgFHOsFstuwt1lAQ2f3SzfaI4EkojBRafXZNY8UjeBfYAgjisKg
.avanan.com/	1970-01-21 06:12:27	Name: _ga Value: GA1.1.2088475095.1715787952
.capterra.com/	1970-01-20 20:36:29	Name: __cf_bm Value: LygxVMZL9SG_E1aBnIIIjjGOcAzwzXDpK8FI7cQQN_g-1715787951-1.0.1.1-ARH4b0b1qr02HzIdGjgrCj9j.k2nLHr.zz0TwT6D2BdR5tV55DtHaA07ghzDVpLnXKEegOCcFPuPByKzItb6rg
tracking.g2crowd.com/	1970-01-20 20:56:37	Name: _session_id Value: 097908a9a737b4b093b755610eada1a7
.g2crowd.com/	1970-01-20 20:36:29	Name: __cf_bm Value: eDGLMI5q.84u58WD7O8j50vf962XPjdKR82cPgfIGvQ-1715787951-1.0.1.1-QUj7KQfJieBkpd7XODWPQETPtr_RRxvTQa0nBbuo2zu90Zxk.gsmiIDh8XfGRIH.oZcXV5r913y_GjfFwPAPrA
.avanan.com/	1970-01-20 20:37:54	Name: _uetsid Value: 35615fd012d211ef9c27871815038e10
.avanan.com/	1970-01-21 05:58:03	Name: _uetvid Value: 356162c012d211ef908b758a1aa2932d
.avanan.com/	1970-01-20 22:46:03	Name: _fbp Value: fb.1.1715787952003.940232332
.doubleclick.net/	1970-01-20 20:36:28	Name: test_cookie Value: CheckForPermission
.bing.com/	1970-01-21 05:58:03	Name: MUID Value: 2CA57B51B40A6A5C1A606FD1B5206B80
.bat.bing.com/	1970-01-20 20:46:32	Name: MR Value: 0
.influ2.com/	1970-01-21 05:22:03	Name: R Value: 580665863007835e5dec342e
.adnxs.com/	1970-01-21 06:12:27	Name: receive-cookie-deprecation Value: 1
www.avanan.com/	1970-01-20 20:46:32	Name: _an_uid Value: 0
www.avanan.com/	1970-01-21 06:12:27	Name: _gd_visitor Value: 312c9405-94a0-4aea-899b-3822dd4b8045
www.avanan.com/	1970-01-20 20:36:42	Name: _gd_session Value: c1af16cd-bd37-49fd-895b-89e9806ee5cd
.avanan.com/	1970-01-21 05:22:03	Name: _hjSessionUser_2523353 Value: eyJpZCI6IjViZjg4MmNhLTlkZmMtNWViYi1iMmMzLTg2ZjgyOWY3NDkwZSIsImNyZWF0ZWQiOjE3MTU3ODc5NTI0NDMsImV4aXN0aW5nIjpmYWxzZX0=
.avanan.com/	1970-01-20 20:36:29	Name: _hjSession_2523353 Value: eyJpZCI6ImJkODE4Zjc0LWE3MzItNDExZS05NWVjLThiY2ZiZmI2MDBiNCIsImMiOjE3MTU3ODc5NTI0NDQsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.avanan.com/	1970-01-21 06:12:27	Name: _ga_48VXKGDGCV Value: GS1.1.1715787951.1.0.1715787952.59.0.0
.avanan.com/	1970-01-21 00:55:39	Name: __hstc Value: 23485541.93a309a239f4698784456c2ded61e038.1715787953132.1715787953132.1715787953132.1
.avanan.com/	1970-01-21 00:55:39	Name: hubspotutk Value: 93a309a239f4698784456c2ded61e038
.avanan.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.avanan.com/	1970-01-20 20:36:29	Name: __hssc Value: 23485541.1.1715787953133

82 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.avanan.com/cdn-cgi/speculation-rules?url=www.avanan.com%2Fe3t%2FCtc%2F2H%2B113%2FccGyW04%2FMVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95jsWP6lZ3mBW5rL_wg2GsBh3W6Dg8ZF8QkBNFW7dmS761j9y_GW8lsm7q87kR3gN4gMwrCFxmX7W26Lwwq90T6L2W7ZsKnW7q0J6rW8-sctt7sfVvsW47Vlhk190LR6W7XKRHW6Z4nSGW1r253J5L64JhW3zDmFz8_pxSMW6KfDlY48KwtpW5Sw79P4k0tyNW8LQnz836rqpgW7hqd5L4CXr96W1YRfJM4Nw9NsW5zj_Cv5tSfF4VSS0Gp642fD8W6398R34sqd-kW2xgY-G2CYvrpW6G67P31vh9-nW1rMLcz3fPJcSW3BKpwD5jmjZ0W9hVRgp4mMkNcW2yFvyj7fH6qWMBzhjc5ls5zW3qQ7zH2S3N6YW253Y0V87rNVjW8_n3-j5KCK4ndt3WRC04 Message: Failed to load resource: the server responded with a status of 500 ()
other	warning	URL: https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/MVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95jsWP6lZ3mBW5rL_wg2GsBh3W6Dg8ZF8QkBNFW7dmS761j9y_GW8lsm7q87kR3gN4gMwrCFxmX7W26Lwwq90T6L2W7ZsKnW7q0J6rW8-sctt7sfVvsW47Vlhk190LR6W7XKRHW6Z4nSGW1r253J5L64JhW3zDmFz8_pxSMW6KfDlY48KwtpW5Sw79P4k0tyNW8LQnz836rqpgW7hqd5L4CXr96W1YRfJM4Nw9NsW5zj_Cv5tSfF4VSS0Gp642fD8W6398R34sqd-kW2xgY-G2CYvrpW6G67P31vh9-nW1rMLcz3fPJcSW3BKpwD5jmjZ0W9hVRgp4mMkNcW2yFvyj7fH6qWMBzhjc5ls5zW3qQ7zH2S3N6YW253Y0V87rNVjW8_n3-j5KCK4ndt3WRC04 Message: Load failed or canceled (net::ERR_ABORTED; HTTP status 500) for rule set requested from "https://www.avanan.com/cdn-cgi/speculation-rules?url=www.avanan.com%2Fe3t%2FCtc%2F2H%2B113%2FccGyW04%2FMVvX5RN8FkxVh6X4k127KSjW2XSKgS5dWPvrN1PJbvF3qgyTW95jsWP6lZ3mBW5rL_wg2GsBh3W6Dg8ZF8QkBNFW7dmS761j9y_GW8lsm7q87kR3gN4gMwrCFxmX7W26Lwwq90T6L2W7ZsKnW7q0J6rW8-sctt7sfVvsW47Vlhk190LR6W7XKRHW6Z4nSGW1r253J5L64JhW3zDmFz8_pxSMW6KfDlY48KwtpW5Sw79P4k0tyNW8LQnz836rqpgW7hqd5L4CXr96W1YRfJM4Nw9NsW5zj_Cv5tSfF4VSS0Gp642fD8W6398R34sqd-kW2xgY-G2CYvrpW6G67P31vh9-nW1rMLcz3fPJcSW3BKpwD5jmjZ0W9hVRgp4mMkNcW2yFvyj7fH6qWMBzhjc5ls5zW3qQ7zH2S3N6YW253Y0V87rNVjW8_n3-j5KCK4ndt3WRC04" found in Speculation-Rules header.
network	error	URL: https://www.avanan.com/cdn-cgi/speculation-rules?url=www.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Load failed or canceled (net::ERR_ABORTED; HTTP status 404) for rule set requested from "https://www.avanan.com/cdn-cgi/speculation-rules?url=www.avanan.com%2Fblog%2Fteams-attacks-continue-to-spread%3Futm_campaign%3DCampaign%2520-%2520PDF%2520Phishing%2520EMEA%2520APAC%25204%252F25%2520-%2520FY24%26utm_medium%3Demail%26_hsenc%3Dp2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA%26_hsmi%3D304027062%26utm_content%3D304027062%26utm_source%3Dhs_automation" found in Speculation-Rules header.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation(Line 2213) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation(Line 2213) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation(Line 2213) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation(Line 2213) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation(Line 2227) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation(Line 2227) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation(Line 2227) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation(Line 2227) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation(Line 2229) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation(Line 2229) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://d26x5ounzdjojj.cloudfront.net/tbw/tbw_analytics_v1.0.js?8 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/1936026250043111?v=2.9.156&r=stable&domain=www.avanan.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 97) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/teams-attacks-continue-to-spread?utm_campaign=Campaign%20-%20PDF%20Phishing%20EMEA%20APAC%204%2F25%20-%20FY24&utm_medium=email&_hsenc=p2ANqtz-9d4HSD9uYkTS0t8B7BvWPaTdlt2LXCMn1wabtfnO4HgROawOxnz3plAh4IDdFFSMLJ0ipgSoGI1Gsp4eRQC2TvYF9ONA&_hsmi=304027062&utm_content=304027062&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
api.hubapi.com
app.hubspot.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.cookielaw.org
cdn2.hubspot.net
cdnjs.cloudflare.com
checkpointsoftwaretechnologiesincavanan.widget.insent.ai
connect.facebook.net
ct.capterra.com
cta-service-cms2.hubspot.com
d10lpsik1i8c69.cloudfront.net
d26x5ounzdjojj.cloudfront.net
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
geolocation.onetrust.com
github.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscta.net
js.hsleadflows.net
lftracker.leadfeeder.com
no-cache.hubspot.com
pagead2.googlesyndication.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
raw.githubusercontent.com
script.hotjar.com
secure.adnxs.com
settings.luckyorange.net
snap.licdn.com
static.hotjar.com
static.hsappstatic.net
stats.g.doubleclick.net
syndication.twitter.com
t.influ2.com
tr.lfeeder.com
track.hubspot.com
tracking.g2crowd.com
trk.techtarget.com
use.fontawesome.com
vidassets.terminus.services
www.avanan.com
www.facebook.com
www.gartner.com
www.google.ca
www.google.com
www.googletagmanager.com
www.influ2.com
www.linkedin.com
d26x5ounzdjojj.cloudfront.net
vidassets.terminus.services
104.16.118.116
104.17.128.172
104.17.175.201
104.17.176.91
104.17.24.14
104.17.37.207
104.18.139.17
104.18.16.169
104.18.240.108
104.18.34.221
104.18.43.31
104.18.88.62
104.19.175.188
104.19.177.52
104.244.42.8
104.26.11.16
13.107.21.237
13.107.42.14
13.248.142.121
13.249.39.43
140.82.112.3
142.251.111.154
142.251.111.97
142.251.16.105
142.251.16.94
172.253.115.155
172.253.115.95
172.253.62.101
172.253.62.157
172.64.151.60
172.64.153.27
172.64.153.35
172.64.155.119
172.67.142.245
18.160.0.29
18.160.41.49
185.199.108.133
199.60.103.2
23.205.106.73
23.218.217.183
3.162.112.71
31.13.66.19
31.13.66.35
34.107.254.219
34.111.208.231
34.117.110.211
64.233.180.94
68.67.160.114
72.21.91.66
99.84.191.13
99.84.191.41
99.84.191.75
057d87ec0edbdb5fe7d60d32da4c3abfe1dc2e6a0aacd6543a5e9dabb7bbd21b
06569c31071f169a24649f3312a1bf0ee54e4927438a317de61e0c28dbec67ba
081d08f71fb7a07fd5247ce2d20af91a41899fd4ee1b129c18fedf8a04b5bbae
08deb5fb8e8a49d3e598cab0f6c178154648cd6234894569a0987812b19475f3
0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae
0b0a210e89ac35b54a9b4ccb0336ea91c561e6dc5f8bda49574da98d40799c6e
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0c5109ab0fecc5ef21cc3eddf9e5e66741feb3c03a08c0c5d12a153bffe56a4d
0c9367da8b34432f76a9ff9f347fc20129239f9a6b137bed9a830d02f501e89e
1142f1c97358be5d7fbfc9aa54d23dd897846f653826fb01fa0f54ae7b8e9e06
135605a67753022e50323925dccf6f75cba6b768d849ad04767bcb24cd453037
172f0599dd2d71ffd8a8dd522c558d69c73f73d291b5b00686e05585944880a9
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
17520dd2a2d69ca601d3f9a69de5ef26e27e89df0ae744c0630f874ec0827a1d
1b5055f0e4f12757f77cb6a296d6dcf95a02784c987731892dcfa730d12dd0f3
1cebdabb8b93d36dc52cda86ff6cdb3a2a59562512218d4dc5d0875551c683ca
24a3a9ccca4cde6a90f28a96467b83fcc8e8b02ae532b85c46d45514e98c9dc9
255ca75c18fc3a2a68709668d2affadd648586c97c568b0779a8c2187e542fe3
265dc9381f2b760551a12eb31f4bbc194ea6609b90fd79a59fc53cb0e1210146
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
327f498e13e0a8166699d8d770f3806775c2707dd893d18f0139b84b0b9d8576
356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1
3636e8810aa8b16828af450174251147977372f0201e77d464c719f110b0924f
39711d4f5497a9c5b6265ff9ba251549d0f44834c0eabeffdb044a79546f3e71
3cbadfa4978733bd5be49491780ee3fdcf1255dcfd09ebbaec113c1ddd256c5c
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3eb73cc89830d3824b5c588849b29a5d4bad5b71108ba60e17bad3e6276dd5f7
426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007
450c1470f12b1372dd158c194cba39f64f262c5481f9b0ac8361420101474da1
48c0ca426cf9542d9f4caa219720ce1e5074c87fc5b223b6519317ff58f044ae
497ef5e6ce4cb859475f843cbf3991f16d408ed47403c5d968b70c3cd6404674
4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281
4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589
4eed62e19ef261a18dade30aac09258399bbead589a04d061bce834f0d5a2bcd
52676744c5fe8b3e5c4de2eca3e7df4f7a740c71bd8d8b91cac46f1b2c55208a
56f9c5f99829774d0b2fbdcfd9750b617127e913afa0569afef6dfa22165659e
5854b710ec238cef8971f60166d132b6149306ee310f60777821aa8d0bffce1d
5a6284f5e68fe70bb17c9aecb532fdb513b37ec0096d21e9a7231fbcfeda6794
5c2040949f208d10bddd10a17976d22632637e933cc878d2808450d5e128ca72
5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f
5e7987029645823b1d06c8a857a7bd18cc16bc14d315aa6865d2251c8c3e7e1e
5eeb903b2d5bca21ff576c8f051d446d06bca573edd729e5620c4cfe05f28ed1
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
626e534b9a811f60a8aa88e463a0ffa75ea4d8ba7510ed6a15c267becf680394
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6a2f825beb3b540a044cdb0515177c34497aa2ce92e335bf1498fa42bb5baf88
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6cb6821219dae9fa9a21519d86d7ec7acaf0c4dd61463eb336eb92964feebef3
6f02b37f1f9ed3c1998e50bbd1b6713584fc0bd20cd4213501921b2b1effc3eb
71577fb46a22fa031506bab9c5ddb4640e38ef10a1b4959a11288b41ce4b0757
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
766f80c74c4bf212a37cac8008e72ce201136f46f1e04d269bb3c2b7383925ff
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
7a82df3611c2166b9b9e824830c57bc09ef40860b9dc83fb2897b9a2a3ab0b98
7b4c6df43d8be2860c107af980f4ae9c27dea1b14e0112921c3aef511bb29b07
7cfe2988dd0e1d6bcc63e394d2818003d0a121a5a8de88a6ba8caf91dbc48c96
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7de470eb749b68a909379ee3bef2073c96c0a5f8f0df1b2f56a699cf2a4742d2
8150a6e66442996f64560b128d0effe532ed5eabdf0a8c6176c8c4e8ed502e6f
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
867cdc7355d82d6fb8019a89043be06c9e565f14f2775f849b69cb1e5f4feb2a
87d6c8ca2c4746ba9c42bd4b56b9f8dcb23dc4f4c8a5e338039a915eddbb4cfb
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984
88b528e2fb3951ba4169df88d226e6aa6d04f2b9dd010986e244b26a3fa325d4
8925dcebe675f80e0d8aa3f5ce2eaac3bd94d251edb40ddedabd74c5d1cfbeeb
899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9
8bfb6389f80ddd586b66a540370f89f40e7eb39d388e8d9410f57caa732dc5cd
8c31f9221454873de9c5bc222c2b5c97f216d3b21b0a3589f77f49fbcacf4a0d
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8deb475ac50713a43d3cf93fb2579f1badda5b9dee5704850b032f0f25564895
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
8fabb98047b3ac3d7b59923b47ee509c0b5e1e4846dfe701173e71080cf8493c
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
90798df68ecbb59920e7c732d62d6a15b436a2726c15b9fa0d44163fc1e721a7
9118d0e3bfe5dad7fe02af6c3d290ca33a55e1e6bf41e0b529dd6bd2209f5b02
92544ed57b172f513a507fe6d3e09d763bc23c413e47d110d8dc03ef896490dd
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
94b9164549fba805d07a371447577e77ca7d335fb19f9eaf978209851969cf08
97152508df33871d78e6d8595480ac6c5cf8f2feb1fc1ef7fd2ef7a0517810c7
99638cf918a36ae5912b6e521489ec6f3c8cb82e2e21e2f43941b86f8b223aa6
9ee5c21fba72db5037f82a272693e5db4bb73ab1059a340dcffc9bee28f670c1
a28a88a058bb32f3fff988c31380f2392939d9c4d1bf38b32f531969a02a33de
a3afc764c9f3be5107a78709e026aa850c8fdbb077d68933b5cc233ca6bf08d3
a466bdd4124e2463ce30ee35733e78f0e983cf335ae1a754a6bab723376f8c9e
a62430c1506f9d9ecc0bca9ffa39a073d5148f07be4aa54ed4532f9650caf56a
a87eea0ed4667d6241611511e68dce431477cbd9a06c9482b01323d6a0b972f9
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad66b40ac6fb0451baa6f252864ee213eb292767fe47d1cfc08656ba5b64e1c4
b057f4707a4e3bbf69647a669ebc4dbf35a9b5b25864b5fc63162e71f58621c8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3b8d6b091f42a65173993cc917c93da698519b1c3949a04c82b49afe0c0bbc8
b521cf21eb734ff6b687aef8f56b3ab1be44709262716e6817b1898bbc2b986d
bf6f2ddd3a93cfc831316931e733e85bfa4d344c33398e6c32115761bec7ba69
c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8
c23897aca0e8b6872a55fe59a195c071b5190411702dfb48ac2604f8bec31ed4
c2f85bc03d72fdd58ac7fb2cb580914b4679bcf8c99533ba20743ee73d0e28ce
cab0bd7418905a8b7ac2510a8708b4bcb01af80459e20265582d4d96ae931c06
cbcdfdd67e7238d3ee51721fb9ed7c8b49b3dd7c40e065df51f6cfcb87229aa6
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
cf53806c2a4cef2c89a8502411683c83162fe73859d7d24244259e7e793df68a
d0ad8e1171410fba88207a9431fac8aec7bcae5f55697ad90a22157dc1ce5ada
d263c0e9f2ab7fc6adc0d2fd9ae3553dd30e4b4bcf4754e6a56f434823697386
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d49ca90e19dcd3e070c90b7da3e1cbf7117383e512e4fe80d5f7cfa412b77c83
d88a3f1078ebb4d9a07cd59f3b3dbdf7d9b82eb34b702f10e82181f6725e2194
d9471c2023cb016db2280a248bd8c47f9a87ece862578b0f2308ed7308191c9e
d98dd90e603d4835ac3c0eb988b5574530c225d0075fe87709e5158e1549178c
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc93c5b3243e66c7b2e27c51b76fa6a11bd7a6d7546c5fa26bbffa001f885305
dcb085ad0fca889c4a1b898ccc7458c5d586e5740e7b7bffe065ac6a5e247ada
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
ddd0af87d02bf88046acaf36141538c4852763b37b99ad5ea41ab6b07829818f
deb3d40a52e939dc606cacea278753f149b56d19b6619994069659687e3a7728
dfe1ede216323e004cb709efa886a6d8e235d2174f9291b5f005213e1cdcf046
e3640c9e176b212640e5d1ba0e522d80ebe382b5a18fc55ae4f7be28d1b138be
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6713fb9ddf25585f97a9c877f75edbb8b2c0d0691c1402fe85c145a9098527d
e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0
ea2f518f11ff45604fad154b83f97feed748ccb0bf3ea084024685b2e2846355
edb06075992908075437d1712e9eb65c0fe1bbaa745ceb94e1a9f7c9f1b5e6e7
ee39d0cbc9e9cd88b7dac8ebca680b89e8879081f855152f21772c7834474437
ef072b9ae1b3c29f94781c86bcdfdb71c1e06bbc7a2f05bc65dcfa2eefdde02c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef61f745ab49ef3bbdb192b7f791f9d645caa5f89817f099470397b13e742ea8
efb5dc6835aeb8a8e1615ca49df1828cfaf708dc73651c5f1c651f2d2ab3907a
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f54ad99ac9b8bf0271cc6d19132826863aa3dc7077b4d5c586f99c46130efb30
f814d810728681ee9db28c180783ce4fdd358d611a379f50c1c1a9fa3cf50d16
f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52
fd6aef7e70901bd5018e23bf8f366b1363e27c9263a2e058df2ca725cf81aab5
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe1d77182f48fdeb7d27527565f4c8d2b598af1077cbc5aa5add9fa6adc10245
fe5f4af17be162aaf3e1dadbc08fe06e678c87620a221b3fef8e2ca7a779986d

www.avanan.com Open in urlscan Pro 199.60.103.2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

178 Requests

96 %HTTPS

0 %IPv6

45 Domains

61 Subdomains

52 IPs

2 Countries

4339 kBTransfer

9412 kBSize

41 Cookies

11 Outgoing links

Page URL History

Redirected requests

178 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.avanan.com Open in urlscan Pro
199.60.103.2 Public Scan

Screenshot
Live screenshot

Full Image

178
Requests

96 %
HTTPS

0 %
IPv6

45
Domains

61
Subdomains

52
IPs

2
Countries

4339 kB
Transfer

9412 kB
Size

41
Cookies

178 HTTP transactions
0 data transactions