www.graphus.ai Open in urlscan Pro
2606:4700:20::681a:9a4 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Submission: On January 12 via api (January 12th 2021, 10:45:49 pm UTC) from US

Summary HTTP 93 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 28 IPs in 6 countries across 24 domains to perform 93 HTTP transactions. The main IP is 2606:4700:20::681a:9a4, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.graphus.ai.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 17th 2020. Valid for: a year.

This is the only time www.graphus.ai was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	2606:4700:20:... 2606:4700:20::681a:9a4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
44	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
2	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:814::2008	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::681a:625	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:d3cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE)
1	172.217.22.34 172.217.22.34	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28c::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	143.204.93.97 143.204.93.97	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6811:44b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:eccc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:7fab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
1	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
3	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
93	28

5 2606:4700:20::681a:9a4 (United States)

ASN13335 (CLOUDFLARENET, US)

www.graphus.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

mk0graphus6hi9e9iec2.kinstacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:625 (United States)

ASN13335 (CLOUDFLARENET, US)

app.prontomarketing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d3cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s16-in-f34.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28c::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.93.97 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-93-97.fra50.r.cloudfront.net

tracker.marinsm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:44b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:eccc (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:7fab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:11:101::b93f:9005 (Ireland)

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	kinstacdn.com mk0graphus6hi9e9iec2.kinstacdn.com	796 KB
6	google-analytics.com www.google-analytics.com ssl.google-analytics.com	37 KB
5	hubspot.com api.hubspot.com forms.hubspot.com track.hubspot.com app.hubspot.com	2 KB
5	graphus.ai www.graphus.ai	27 KB
3	google.de www.google.de	698 B
3	google.com www.google.com	476 B
3	doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net	2 KB
2	facebook.com www.facebook.com	342 B
2	facebook.net connect.facebook.net	92 KB
2	marinsm.com tracker.marinsm.com	3 KB
2	bing.com bat.bing.com	9 KB
2	gstatic.com fonts.gstatic.com	22 KB
2	prontomarketing.com app.prontomarketing.com	3 KB
2	googletagmanager.com www.googletagmanager.com	83 KB
1	linkedin.com px.ads.linkedin.com	619 B
1	hscollectedforms.net js.hscollectedforms.net	25 KB
1	usemessages.com js.usemessages.com	20 KB
1	hs-banner.com js.hs-banner.com	14 KB
1	hs-analytics.net js.hs-analytics.net	18 KB
1	licdn.com snap.licdn.com	2 KB
1	googleadservices.com www.googleadservices.com	12 KB
1	googleapis.com fonts.googleapis.com	602 B
1	hs-scripts.com js.hs-scripts.com	944 B
1	cloudflare.com cdnjs.cloudflare.com	2 KB
93	24

	Domain	Requested by
44	mk0graphus6hi9e9iec2.kinstacdn.com	www.graphus.ai mk0graphus6hi9e9iec2.kinstacdn.com
5	www.graphus.ai	www.graphus.ai mk0graphus6hi9e9iec2.kinstacdn.com
4	www.google-analytics.com	www.graphus.ai www.google-analytics.com
3	www.google.de	www.graphus.ai
3	www.google.com	www.graphus.ai
2	www.facebook.com	www.graphus.ai connect.facebook.net
2	api.hubspot.com	js.usemessages.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	connect.facebook.net	www.graphus.ai connect.facebook.net
2	tracker.marinsm.com	www.googletagmanager.com www.graphus.ai
2	bat.bing.com	www.googletagmanager.com www.graphus.ai
2	fonts.gstatic.com	fonts.googleapis.com
2	app.prontomarketing.com	www.graphus.ai app.prontomarketing.com
2	ssl.google-analytics.com	www.graphus.ai
2	www.googletagmanager.com	www.graphus.ai
1	app.hubspot.com	js.usemessages.com
1	track.hubspot.com
1	forms.hubspot.com	js.hscollectedforms.net
1	px.ads.linkedin.com	www.graphus.ai
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	snap.licdn.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.googleadservices.com	www.googletagmanager.com
1	fonts.googleapis.com	www.graphus.ai
1	js.hs-scripts.com	www.graphus.ai
1	cdnjs.cloudflare.com	www.graphus.ai
93	29

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
cloud.graph.us
forms.office.com
angel.co

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-17` - `2021-08-17`	a year	crt.sh
*.kinstacdn.com COMODO RSA Domain Validation Secure Server CA	`2018-11-19` - `2021-02-16`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2020-10-27` - `2021-04-27`	6 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.marinsm.com DigiCert SHA2 Secure Server CA	`2020-02-24` - `2022-05-25`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-12-22` - `2021-03-21`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-01-06` - `2021-07-05`	6 months	crt.sh
www.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2020-07-27` - `2021-07-27`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Frame ID: 7720C0E9652814E0993CDD13DA1F5733
Requests: 91 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/7001790/threads/utk/d8ca0f56d7b24fe19fdabc6430c53a12?uuid=f7d8f6a26ef94fe5ba0f0f5ba4a5b793&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=graphus.ai&inApp53=false&messagesUtk=d8ca0f56d7b24fe19fdabc6430c53a12&url=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Frame ID: 29133ABC77823759B4195FC90F91F9D1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

93
Requests

100 %
HTTPS

93 %
IPv6

24
Domains

29
Subdomains

28
IPs

6
Countries

1173 kB
Transfer

2654 kB
Size

27
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/GraphusInc/

Search URL Search Domain Scan URL

URL: https://twitter.com/graphusinc

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/graphus-inc-/

Search URL Search Domain Scan URL

URL: https://cloud.graph.us/selectlogin

Search URL Search Domain Scan URL

URL: https://forms.office.com/
Title: Microsoft Forms

Search URL Search Domain Scan URL

URL: https://angel.co/graphus/jobs
Title: Careers with Graphus

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

93 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/ 64 KB
16 KB 379ms
363ms Document
text/html 2606:4700:20::681a:9a4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:9a4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5511eacc6e642b59d94adfac3eb12843934f6240712eae01e83902aec5fd5578

Security Headers

Name	Value
Content-Security-Policy
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.graphus.ai
:scheme: https
:path: /clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:31 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d1129f81196658848e86182ae8f3494ff1610491531; expires=Thu, 11-Feb-21 22:45:31 GMT; path=/; domain=.graphus.ai; HttpOnly; SameSite=Lax; Secure mtsnb_lastvisited=1610471261; expires=Fri, 10-Jan-2031 22:07:41 GMT; Max-Age=315360000; path=/; secure mtsnb_lastvisit_posts=%5B6683%5D; expires=Fri, 10-Jan-2031 22:07:41 GMT; Max-Age=315360000; path=/
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
x-pingback: https://www.graphus.ai/xmlrpc.php
link: <https://www.graphus.ai/wp-json/>; rel="https://api.w.org/" <https://www.graphus.ai/?p=6683>; rel=shortlink
content-security-policy
x-kinsta-cache: HIT
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZua27471fe212a938279db6bb7daca2b92
cf-cache-status: DYNAMIC
cf-request-id: 079a5fa96c00000614ec22b000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FgdNm3%2BS67CXVp8IZHXJG1%2F35fqD0H8VclPI1Pnwd7cGx%2FEyXjQ1%2FFWO2jgQo8hvvtSYHFVzEO8Y3CzufOplVJixp00tjTNBSdQL8yrElqwign%2BBrVxT45CXYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 610a6888abc10614-FRA
content-encoding: br

GET
H2 200 bootstrap.min.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/bootstrap/css/ 95 KB
17 KB 78ms
57ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/bootstrap/css/bootstrap.min.css
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 1cbda21998b65e08a7e936114cabd7f7783d0f590dd6efdd58c7faa8b6e7b9aa

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 511976
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fab100000dfdbbf8c4000000001
last-modified: Fri, 21 Aug 2020 06:53:21 GMT
server: keycdn-engine
etag: W/"5f3f6f61-17c3b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ruopxUqFUtkeYrthO7o5IQDHeI9uWd5AjGOZFCvmeefWA4EA4Hn0Rvpb6A14bFE7J3sDeJwtULwhv0EKs6hldsmaGEu8buXs15Rf0QaDJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688b4f37dfdb-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu68a007593e61fb65f72ba4a6f30253f5
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 all.min.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/ 160 KB
32 KB 69ms
48ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/all.min.css?v=5.11.2-pro
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 8511276a27014cf836b9ebaecd1e2ac49619482c9bcc3d0a080b56e64133348a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910993
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fab1200002c3a0b845000000001
last-modified: Fri, 21 Aug 2020 06:53:21 GMT
server: keycdn-engine
etag: W/"5f3f6f61-280c5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=w%2Bq2Af9SfdS87Ab0BIgTMenfu%2BOq5DYniO8TytkmDaEzp7aeEC7NTh1yrt4Y%2BkZPjFpeIl4H%2FylHimA4DsaDsSzKPXpRlSN9YYYDwxf2kw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688b48822c3a-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu0203aac328efde2e80deff7378634ea7
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 v4-shims.min.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/ 26 KB
5 KB 68ms
47ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/v4-shims.min.css?v=5.11.2-pro
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 4c6d5ac4c77a0cd4dcae820b87afd1ee0b18a72bf0dd8f7de168fd307ac47041

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910993
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fab1100000610ca3f6000000001
last-modified: Fri, 21 Aug 2020 06:53:21 GMT
server: keycdn-engine
etag: W/"5f3f6f61-6751"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=r8k5e7z7mzK0JwlCqOyfJt624KCyp5ePqUGGyeZb2pEmRC1qju%2B3X9CtfDs2mUiEPJ%2FRz3IbL2Mlhi76utIn7U5kXHcxeuKX7WH5tCcyGA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688b4e250610-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu665b8cad751443b58f2967d9ddcec0b6
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 style.min.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/css/dist/block-library/ 52 KB
9 KB 78ms
58ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/css/dist/block-library/style.min.css?ver=5.4.2
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910993
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fab12000097e4fd377000000001
last-modified: Fri, 24 Apr 2020 15:32:14 GMT
server: keycdn-engine
etag: W/"5ea3067e-d159"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FMTt7m4T4k4DED4nPWFRhNPwvDziC4laxgjAKfRIZsJkEDDZlwpl7ExphfXXDX7QLrsspqFDHdN7dtlZEde6XYhpahthUHa1f7HZPrjuPw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688b4c8197e4-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu4ac96559e236a1c70025a363c21dbc16
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 style.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/blocks/ 6 KB
2 KB 73ms
52ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/blocks/style.css?ver=3.6.5
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: dcc909dfd149ca19089d4203f5c47525c05a218e19e84dcb706db7059b7f4755

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910993
x-edge-location: defr
cf-polished: origSize=6362
x-cache: MISS
cf-request-id: 079a5fab100000062979332000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-18da"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gY6WPrYt%2B7%2FLtZm260gI2XfkCTutNT2SM787TR9rGm4bmyaMi5syoMwArP11XFfTl%2BL8AIGvXLi0jewBcbBBKfQFOgIHMGh2wHYsHm7zSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688b4ef40629-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZued97a7eb0a767c11e6f670d5ff41003e
cf-bgj: minify

GET
H2 200 woocommerce-layout.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/ 16 KB
3 KB 73ms
53ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=3.6.5
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: e42a7af0f19adf1cf7d67e8fbecad6713ec9cde539f7dc5d134544366679e521

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910993
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fab1000000eab6b9df000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-409e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1XiPtG9EfNYbAjMwH%2FHMNItVOfeZnPDabAZal%2B5Y2NxjHbmDii2%2FEQRLVqLs17dRjGtNEgnZwHTN8sbjmQol7OgMUiZqKMnP%2B1zCYOz71g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688b4b370eab-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu3f0efb9b5b00243039a018633bfcbf22
cf-bgj: minify

GET
H2 200 woocommerce.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/ 61 KB
9 KB 73ms
53ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=3.6.5
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: f8bd598e9a7cb4a743d02b5106fff15bfb2a83a15ddf612b6e7345ac78ba88ef

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910992
x-edge-location: defr
cf-polished: origSize=62586
x-cache: MISS
cf-request-id: 079a5fab1000004aa3d396d000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-f47a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vUgIYFcg9NQG5Axno5Va0h6r9SM3YqqfhA65oD2HpKdxs2Jq3ilIZnKZ9DoZY1Rr8zBI39yH4KCZKmQJJtgVGuH6I8C5BE881SCRkql9Og%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688b492a4aa3-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu8efdec07c92323c364b252a1f6bb2d93
cf-bgj: minify

GET
H2 200 flexslider.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/wooslider/assets/css/ 4 KB
2 KB 78ms
58ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/wooslider/assets/css/flexslider.css?ver=2.0.1
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: c9b302155b6a82a3f166cf2e7f045a04d4fec13444ce93186fcbc72917a6e0cc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 32786
x-edge-location: defr
cf-polished: origSize=5466
x-cache: MISS
cf-request-id: 079a5fab12000096bc0caa1000000001
last-modified: Wed, 11 Oct 2017 00:50:50 GMT
server: keycdn-engine
etag: W/"59dd6aea-155a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UGyZOB9oyF%2FWdH6NbzYXWO6zJOIjErjjFhSK7mlF364QqSsuFjePsslyPNWBTWvEG5JEIsOhmfFVrDaKGIu20%2FeXlqMXGknNZNf08MfqxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688b4b5396bc-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuabaf84ac5fc12c591c5fc16c9e61edbb
cf-bgj: minify

GET
H2 200 style.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/wooslider/assets/css/ 4 KB
2 KB 66ms
46ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/wooslider/assets/css/style.css?ver=2.0.1
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 2dc22200f64ece18c1413668318154e28f312752a9fcf9d989b8bfccf95632d0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910992
x-edge-location: defr
cf-polished: origSize=5175
x-cache: MISS
cf-request-id: 079a5fab1000004a74411a9000000001
last-modified: Wed, 11 Oct 2017 00:50:50 GMT
server: keycdn-engine
etag: W/"59dd6aea-1437"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=k%2BH6oAYYP%2B%2BW%2BxfVmzS9oIn6KmYcKDxPY5HBUy71LEo2hAyqblrS2ARX33LCCsyfbc6ag6BC0IWCXbbF6JtDUovahECfO8ArKTKD8yjhSA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688b4dcf4a74-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu264a2841564bb492cd7a01e25e99ed1f
cf-bgj: minify

GET
H2 200 frontend.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/download-monitor/assets/css/ 5 KB
2 KB 63ms
44ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/download-monitor/assets/css/frontend.css?ver=5.4.2
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: b8e149178358873942c6a434f9ae62dd952769a87c2abdf7e659c129acd398fd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910992
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fab0d000006255404b000000001
last-modified: Fri, 13 Nov 2020 09:54:32 GMT
server: keycdn-engine
etag: W/"5fae57d8-14a0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8u2wRqJny5WOXPNpoVDyiZo4vBUQZ7%2BufHyOI1tC1AdsC0UVAPr9SuTohT6667adzpfNdWJBK96PFLZloC3OEUGizRY8ANsKw%2FF0LEqIUA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688b4cd10625-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu77d97406f806a56d64c2f89cc501da10
cf-bgj: minify

GET
H2 200 wc-memberships-frontend.min.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce-memberships/assets/css/frontend/ 4 KB
2 KB 66ms
47ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce-memberships/assets/css/frontend/wc-memberships-frontend.min.css?ver=1.13.2
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 865621ac5f128903e5ff1561805a16ce4fd20938f62a4a6807876f78a6f0b92d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910992
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fab0d00001f29fd072000000001
last-modified: Fri, 26 Jul 2019 06:54:55 GMT
server: keycdn-engine
etag: W/"5d3aa3bf-e6b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=If2%2FbVPlfiCVLiyLFee%2FXRIJlM5H7vlGrlgh21Vz%2BSttoJLtO7%2F9fv7vog%2FpjgEKkpOTIthx4WB1y9PQTzU0%2FyukE%2BBZ4O%2BJqWDaZyG9uQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688b4e6a1f29-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu5636bc6aab1a3c06ce44c787b8e81159
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 jetpack-carousel.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/modules/carousel/ 22 KB
5 KB 70ms
51ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/modules/carousel/jetpack-carousel.css?ver=20120629
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: f430b2a77635a22fa47e90dbcfffb6e2bd754c387bfb4fd4ea1e2b65729678cc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 564514
x-edge-location: defr
cf-polished: origSize=25827
x-cache: MISS
cf-request-id: 079a5fab1100003258a82e1000000001
last-modified: Mon, 16 Mar 2020 11:21:43 GMT
server: keycdn-engine
etag: W/"5e6f6147-64e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BVt3zdeycoOCvE8bcyRuBfnyntvxY2Ks%2By3wstifyzIWT%2FwFIhqet7tpqRfX%2FXwga9qXJC5hquSwQpmlRZF9QDf%2BMRMcqq5m4rLXcQteTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688b4cce3258-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu0fce9c2e8d355417c5d14778cd5065b6
cf-bgj: minify

GET
H2 200 frontend.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/ 7 KB
3 KB 73ms
55ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend.min.js?ver=6.2.3
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: bbe3bd0cb79c46e8c538921ca15b8ed864fb7a269e8378347e34f2af3b23cdf7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 220456
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fab1200002c2a1b2e9000000001
last-modified: Wed, 20 Sep 2017 08:31:16 GMT
server: keycdn-engine
etag: W/"59c22754-1c15"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2oWAeFtZr1lAym0hVtiWATU9jclLpAh8L6SKdRcTvTE1Tw1rPxCN3FjoXfvM3CQkpFaEra%2B3m2WK7fazHFK3%2FQDEDbjeCoXacTuNz6AyMA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688b5ad62c2a-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu5fc7a42a45c751c6c0df85753118d7d4
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 jquery.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/jquery/ 95 KB
34 KB 76ms
58ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910992
x-edge-location: defr
cf-polished: origSize=96873
x-cache: MISS
cf-request-id: 079a5fab1000002c565b148000000001
last-modified: Fri, 17 May 2019 04:25:54 GMT
server: keycdn-engine
etag: W/"5cde37d2-17a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fCwGWLwBEn7GRTC2GdimhPAo7qoZB4aFWIuIxHyugHntf58uhAzhRBYPYcSebarQYg%2BPk62AWA9pPPSk2Ye99nP19Apk4b16DU3WTZMbiw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688b4b622c56-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu2350546d31bd8ead88d7f522394b27cc
cf-bgj: minify

GET
H2 200 jquery-migrate.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/jquery/ 10 KB
5 KB 58ms
40ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910992
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fab0c00004ac321149000000001
last-modified: Fri, 20 May 2016 06:11:28 GMT
server: keycdn-engine
etag: W/"573eaa90-2748"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LYMD%2FvGCyP87k%2B5RTOh1sDQJiWUxv%2Fzm%2BQW0byH5tJf%2BlnAt9z14CMKjoE8GhBkvqk1MSuDwopPmRUmVqo25Ho6yT%2BRAt6x3KbVU2tEEBw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688b4ff94ac3-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu2f9df7b9927154871a1ced64b1cf8719
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 spin.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/_inc/build/ 4 KB
3 KB 57ms
39ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/_inc/build/spin.min.js?ver=1.3
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: a5307da44321773c9f46b34d756dcbd6cd427238e5cbad91cd2cf151513ec283

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 564514
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fab08000005e4b583e000000001
last-modified: Mon, 16 Mar 2020 11:21:43 GMT
server: keycdn-engine
etag: W/"5e6f6147-119e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8luAN5hR3URgYrPhkwjvRV5ts%2FlZyMEfg09pht1M4SVam%2FQ6rhhTm7zFkPcQFuuAexG7Nex15HE1zCgB59Xq7BA1i4al7BIQ4mxx5eANjw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688b3d5d05e4-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu0ac45e75579069476922c373084fddd6
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 jquery.spin.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/_inc/build/ 2 KB
2 KB 62ms
45ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/_inc/build/jquery.spin.min.js?ver=1.3
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 36ad0edaf88cb19e7cbdae22470c1f124f02fd5673bf6144c0a7a9f0a8fef987

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 564514
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fab0c000005d40a0af000000001
last-modified: Mon, 16 Mar 2020 11:21:43 GMT
server: keycdn-engine
etag: W/"5e6f6147-70e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BzUv%2BFvR%2FTGOWL2M03lz25%2FZsNZ%2BfgDa89kUKEd4R5orIpo91OFZ11dRZPYsKFGfCtCF2Pe34n857lYh7bVdzWFcVUOD%2FWVqlpouJvFvig%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688b4e7005d4-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuf0dcf00ab1aa0e1486092584a9e3ca45
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 main.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/css/ 83 KB
17 KB 71ms
54ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/css/main.css?1600708446
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 80cf7fc74cf2cb9eab4f78fef7ed7cd7d4370c66b6129ffbd8f2c6ca66e5b6e8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910992
x-edge-location: defr
cf-polished: origSize=125826
x-cache: MISS
cf-request-id: 079a5fab1000004ac3392b0000000001
last-modified: Mon, 21 Sep 2020 17:14:06 GMT
server: keycdn-engine
etag: W/"5f68df5e-1eb82"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9CLMEULOER7N%2B7h6%2Fz2pEMB8m3pGFALUok6sm26wuuO13%2BLn3on9ORq9NfHPc5o9xNuHmKQge4cI61EXc4FjxnBvKlvDJIJ8HP5%2BMIwc2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688b48074ac3-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu4399f72d715167a4b0fc45d59185589c
cf-bgj: minify

GET
H2 200 style.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix-graphus/ 36 KB
7 KB 74ms
57ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix-graphus/style.css?1576052726
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 1f188c3017f993444dc8c267139cd5dd9466e29b181ace0f310933aa9c704851

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910992
x-edge-location: defr
cf-polished: origSize=46355
x-cache: MISS
cf-request-id: 079a5fab110000325c1a9ab000000001
last-modified: Wed, 11 Dec 2019 08:25:26 GMT
server: keycdn-engine
etag: W/"5df0a7f6-b513"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CUqIqX8ljIrhxWsyUpVkAw2mNJwGAKghDi1YNJNPV%2FxrKBnB6iVq2cTbtL0ATSFgtrwRXfHWO5Te184QxbI8fGhL2lfaaX3LnzB5pCxUog%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688b4c54325c-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuf105eebbb71001553553189e22a5a0c6
cf-bgj: minify

GET
H2 200 /
www.graphus.ai/ 26 KB
5 KB 527ms
525ms Stylesheet
text/css 2606:4700:20::681a:9a4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.graphus.ai/?custom-css=79aff11e06
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0cf6df0a8d235ad3220663bab035da5a790b064df4bfed4a36db73c383f354b

Request headers

Referer: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KYI2uupIHyXL1fKWPg%2B5TL95ek3%2FjDGtuPZOOvCuHOYAg7%2F9cVY1lUnqh8Fh%2F8wxLdTH%2BIGCzCnxb%2Bkfkh3ppjuGdwPtIzKK9UzVdfgRO2Dfd8L4qGvsgEan1w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
x-kinsta-cache: BYPASS
cf-ray: 610a688b0ffd0614-FRA
cf-request-id: 079a5faae200000614f7076000000001
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu37a6e3fc92ab150fb63c2ce740683435
expires: Wed, 12 Jan 2022 22:45:32 GMT

GET
H2 200 hamburgers.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/jQuery.mmenu-master/dist/ 22 KB
3 KB 69ms
52ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/jQuery.mmenu-master/dist/hamburgers.css
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: da3b53cad6493e4bc3ebc4119f4ac0aaa836719a62badf32047a78efb5a794b0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 940635
x-edge-location: defr
cf-polished: origSize=27049
x-cache: MISS
cf-request-id: 079a5fab100000d6b1c93ca000000001
last-modified: Fri, 21 Aug 2020 06:53:26 GMT
server: keycdn-engine
etag: W/"5f3f6f66-69a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=A6S48RUeebu5D%2B%2BU2CQWx4EDeRC6uJ%2B1I7cBGwGdYQGTH6Pbrxjkk7OD2Ml4xnMet8DnapSG8NRy5XyNHlCieIWkulYQXpj9MgNvOk9oqA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688b49f8d6b1-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu0e570678401afe3d3801ec01262a7df5
cf-bgj: minify

GET
H2 200 jquery.mmenu.all.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/jQuery.mmenu-master/dist/ 61 KB
8 KB 62ms
46ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/jQuery.mmenu-master/dist/jquery.mmenu.all.css
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 78b7e339a157dcfd478816c0b11e30b622716c383308390e49b9882c011881ab

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 940635
x-edge-location: defr
cf-polished: origSize=62190
x-cache: MISS
cf-request-id: 079a5fab0d00002bc203885000000001
last-modified: Fri, 21 Aug 2020 06:53:26 GMT
server: keycdn-engine
etag: W/"5f3f6f66-f2ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kV0knRDE%2FpQr8uaFD6p08f9mSfSRBExXuFp8H4jMw0C0npnPS1asrmJQFkwz11ha5lFxgDu56BObsrheTxr2Lbfe0tczyWNxialFkpywAA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688b4afe2bc2-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZua91ede4e2c4cc6cbbded8870b3c17b11
cf-bgj: minify

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 23ms
22ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-946879156

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

63d934bcb48d56ec401df6f62c0c5d65143b9498156c568d69a9641faf319feb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38952
x-xss-protection: 0
last-modified: Tue, 12 Jan 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Jan 2021 22:45:32 GMT

GET
H2 200 logo-graphus-r1.min_.svg
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2020/02/ 8 KB
4 KB 34ms
27ms Image
image/svg+xml 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2020/02/logo-graphus-r1.min_.svg
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 36d80c738c6cd18bac18bf802dc6e377bdce7e53bdcf8c480dfb2479a99e298a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 922141
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fad3a00002bc608aee000000001
last-modified: Wed, 04 Nov 2020 05:17:52 GMT
server: keycdn-engine
etag: W/"5fa23980-207f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0JaOBiEWXo4gKlMJ1J6NzGT7NthkBQoCvvj7MDohuoS8uW6W%2BfbOGwbrtNzBQm4cs0JzGdmlCv25c1G1TNxk7lkm5o6%2FNEiKq%2F7X6UmRrw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688ec9e52bc6-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuec6a7194b1b21dc45c7b3b4b422fa415
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 image-2-768x466.png
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/03/ 52 KB
53 KB 34ms
28ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/03/image-2-768x466.png
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: b2b9451a76a7231691850ca82d6d0f0b20bfc29bd268af6acf6a4d34891c6dac

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 135108
x-edge-location: defr
x-cache: MISS
content-length: 53129
cf-request-id: 079a5fad3a00002b65cd3b8000000001
last-modified: Wed, 04 Nov 2020 05:17:49 GMT
server: keycdn-engine
etag: "5fa2397d-cf89"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hnNPlD42DGyKUKgXJBpTa%2BnOC5zezeLzVxttwC3HGSm4GaEdhDgHxFVUxcIIZD4550cT%2B69v1UqUmClIEZEJi4MHHOfbxJyLBpxljMCt4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31556940
accept-ranges: bytes
cf-ray: 610a688ecee82b65-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuf9c9cf36f4b208f913adafd4c3d7303d
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 image-2.png
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/03/ 146 KB
147 KB 32ms
26ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/03/image-2.png
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 2dc92af1aaaf0954db15cf0efbaaf2666836b12eaa76463a12bc05b9a3933eca

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 135108
x-edge-location: defr
x-cache: MISS
content-length: 149796
cf-request-id: 079a5fad3800003140d637d000000001
last-modified: Wed, 04 Nov 2020 05:17:49 GMT
server: keycdn-engine
etag: "5fa2397d-24924"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HYFtfsd3Fzvu6KDdTGItI8RCC2IWbEEy1fGfyA801a9XcdOrlO53wVXKDjfrK4UwyOp7uhwDsrSI%2FLs%2FAOKQesoszQdquDu5DbTrxanyBw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31556940
accept-ranges: bytes
cf-ray: 610a688ecde23140-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu7140a150c80f862085d0880e9d627456
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 image-2-copy-300x276.png
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/03/ 17 KB
18 KB 34ms
29ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/03/image-2-copy-300x276.png
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 124464c13e32b959d11d242e255edc0b27a09e164395fa248811770b44b0109c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 135108
x-edge-location: defr
x-cache: MISS
content-length: 17714
cf-request-id: 079a5fad3b00002fa545287000000001
last-modified: Wed, 04 Nov 2020 05:17:49 GMT
server: keycdn-engine
etag: "5fa2397d-4532"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qQfjK9ib14TKXaxqkXpeAYktAvk5aO%2FPFV1kirl4SZScFk5XRMw0TyJ5WpD1CqbINHE3nzyaR%2FDjhiXyQDPp3HsmHJ5Zu7BStRDblaWEsw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31556940
accept-ranges: bytes
cf-ray: 610a688ecfc42fa5-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu04a377252b1bdc110f1fa83a19693465
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 logo-graphus-w-r1.svg
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/12/ 10 KB
5 KB 46ms
41ms Image
image/svg+xml 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/12/logo-graphus-w-r1.svg
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: b4a712748e001f973330b7a2f0087e68251839a5fb9160de94b48ce5102f9425

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 47072
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fad3a0000dfc71804b000000001
last-modified: Wed, 04 Nov 2020 05:17:51 GMT
server: keycdn-engine
etag: W/"5fa2397f-2970"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dzJb2QtOnRAtFL1R0PU7plFOPRTgL1bTtRzcfDV6%2FYEiwixHbDvMgR8c%2F6GZhxuEcL4wN4aMy9QUveDWeeCmi1hNz4CBmBUzOnhArt2%2Bqw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688ecacfdfc7-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuc7983192e1a5c39321680febde3d9485
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 10ms
5ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 4431
date: Tue, 12 Jan 2021 21:31:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Tue, 12 Jan 2021 23:31:41 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.graphus.ai/wp-includes/js/ 14 KB
5 KB 15ms
10ms Script
application/javascript 2606:4700:20::681a:9a4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.graphus.ai/wp-includes/js/wp-emoji-release.min.js?ver=5.4.2
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96d33f532112177ede6bf262dcf6d0140dbe29f05a4595d17b0be4743205b5ea

Request headers

Referer: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 195705
cf-request-id: 079a5fad2b0000061496bd9000000001
last-modified: Tue, 05 Nov 2019 22:04:02 GMT
server: cloudflare
etag: W/"5dc1f1d2-364d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=M%2B8ulMmjW4CbN1nEo8JqLKeyLT1ksKScR1Xlf4YE7CcDxwy%2FrXXVHSZfioQmp7M3N%2FF4pdRzPScrSF4CDn3Ov8y26SFTxHQNNcidRPgwo5wKqteWeIYa4KoXeg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 610a688ea8180614-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZucea024b3d5e4fded934b5a862d80f0bd
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 woocommerce-smallscreen.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/ 7 KB
2 KB 31ms
28ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=3.6.5
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 5302d7ef47b197c6cc07e5db5152dcce3b6886ac18f727875fe78ba8e8129224

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910992
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fad3a0000c2b3b40eb000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-1a66"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=H10nHFMzTRsTTJMvFK%2Fvj8kJB7AWCAzobYMLo0X0Hy5UzFvegmcwVjWtIl1OwrQcbfsvNSYIIipku1NNB%2FoVvNaobfaWyu7%2FGj%2Bvbbl9Ew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688ec98cc2b3-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu8556a726cce93a5430b2c8137febef8d
cf-bgj: minify

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 10ms
6ms Script
text/javascript 2a00:1450:4001:814::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 1623
date: Tue, 12 Jan 2021 22:18:29 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Wed, 13 Jan 2021 00:18:29 GMT

GET
H2 200 email-decode.min.js Show response
www.graphus.ai/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 7ms
7ms Script
application/javascript 2606:4700:20::681a:9a4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.graphus.ai/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:9a4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"cf-nel","max_age":604800}
cf-request-id: 079a5fab7900000614c0a9a000000001
last-modified: Tue, 05 Jan 2021 18:15:38 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"5ff4acca-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=g9tsCoPguoWGBApCxzcFHSnupdN5N5KhVJU%2F%2FhvP4zgmQNQdDoQGDaTrblsbDR9OAJPmE5NkBnHBex%2F%2FAsybatVi7SHzdlprTIucQ4vPA5NGdHcP6zChRMI9jg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 610a688bf9a60614-FRA
expires: Thu, 14 Jan 2021 22:45:32 GMT

GET
H2 200 calltracking.js Show response
app.prontomarketing.com/insights/0bf688261823/ 5 KB
2 KB 39ms
23ms Script
text/javascript 2606:4700:20::681a:625
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.prontomarketing.com/insights/0bf688261823/calltracking.js
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:625 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fce0bd114c6868f5f6f9bbbba133543eae9fb06b3e30079a66234ebf5c1c1ca1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 254
cf-polished: origSize=7086
access-control-allow-methods: PUT, DELETE, GET, POST, OPTIONS
cf-request-id: 079a5fab9300002b891a0ba000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Cookie, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=D1bGGRxoivVLL1OzCg7RXyPUUPlegjVUrfAnLfyfPFBrOA0pJEcxyzNIh3zbvtskJ71yTYfdaovGsbnaUtaDh4lu5WPVeg4WTS30vjuhhW1cLmzqsyHEsPN9%2FC1lLs7mBInkeA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=2678400
access-control-allow-credentials: true
cf-ray: 610a688c1ed52b89-FRA

GET
H2 200 sharing.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/modules/sharedaddy/ 10 KB
4 KB 22ms
22ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=4
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: cdc21e1d1c0a67812e193214ac25750e86d3e7d203ceece71cad72c0be2ca40c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910991
x-edge-location: defr
cf-polished: origSize=15504
x-cache: MISS
cf-request-id: 079a5fabb400002c42de265000000001
last-modified: Mon, 16 Mar 2020 11:21:43 GMT
server: keycdn-engine
etag: W/"5e6f6147-3c90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=01oIW%2B0Shkuy3KQwGXsXrgaTiChwJ2CXquye%2FloyFmVXPQzySygNCZA6AQWfZ2ErqLjZh66XED%2BLuksfQXm0d4TTAB4hjH5oLWbmT9T%2FHA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688c5cf32c42-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuc038667cf8bd44571abb4228d66ffc17
cf-bgj: minify

GET
H2 200 jquery.flexnav.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/pronto-sidebar-navigation/js/ 4 KB
2 KB 48ms
48ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/pronto-sidebar-navigation/js/jquery.flexnav.js?ver=4.0
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: b2724c5c9101f3ff26dae3f9dbcdd60b4ceb05a96c42b4c2e1f44d41646655a2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 220455
x-edge-location: defr
cf-polished: origSize=5751
x-cache: MISS
cf-request-id: 079a5fabdf0000c2f93ba79000000001
last-modified: Mon, 21 Aug 2017 07:56:35 GMT
server: keycdn-engine
etag: W/"599a9233-1677"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=k6obglyBTi3Svr%2BLT9XsVW8BE9kiv7RozZJ4XvEgqWJFLmq80%2Bzf9VG5bdbsLClGaeUdE8gjDesVs6Qes%2FeZX6SFrlP7wsfjf%2F9jWfBgkA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688c8f80c2f9-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu8cbc84735a3640218463077bf5271532
cf-bgj: minify

GET
H2 200 jquery.blockUI.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/ 9 KB
4 KB 54ms
54ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.70
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 120aaf6681ca6d34a40c559779f0a0038582a79fce1b868ff901c94d27c89c72

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910992
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fabfd000064439c1c1000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-255e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=USPofHn6LWJ21OFSEX5hIgZcPytAmdv0Ca5wF7rntkIMrT0Oqj%2Fmg9%2BjuQc0Bi8aqMrcOcnSuzvt4sFmf%2BKW5TTyHohIj5N5uxjrD%2F5C6g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688ccc9f6443-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZudef968b1f2660eed469ab536f8b0f277
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 add-to-cart.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/frontend/ 3 KB
2 KB 21ms
20ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=3.6.5
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 57d7a5b4baf5112c85fd5be59369f9a0158e727e679c726158095abaea3b11b8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910991
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fac3400002c563a094000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-a4d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Du0XBKbvdtr8LDje1%2B9EE3vAHVtx8B%2BTbdwvWv1VFbiHx9wovT1DxFvRsN%2FmGuD5fLLt9MAg0T%2F1RruGYhRX3VatG79UeTJouvvK5SjKew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688d2e252c56-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu0d171165cdae1a6b961a54ca13ad6d55
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 js.cookie.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/js-cookie/ 2 KB
2 KB 24ms
24ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 50de09b0bb8d0ac656aa9b3a1e4ef58a3f2d1abd734cad68b0e12191e9d215ea

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910990
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fac48000097d2189c9000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-736"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=L9zHXw18rZPFFb97Oy6jEHp6ZKFRsIolaN0suM1o5wCy5fCkuiu7wklDXwv0%2FSVkcxJcgN6k0gqsZMHgEKc3zZH%2FY33jd8855z5ZdNAVJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688d3f3597d2-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu65eb2246c10fc7bba4c9036bab811149
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 woocommerce.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/frontend/ 1 KB
1 KB 25ms
24ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=3.6.5
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 2d8747d26eba68a46f768d99eebf4b4624a37b2a3bd83d4a6934939e62846972

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910991
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fac62000005f99ea6f000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-5c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rRvgVIFIf4IHKEbs9v5Bg%2FaEHbHJsanmdy2Qq5aQbQ88fBcTiIqpm8hzApasN5IltJMpZxSnEl3KetbbsGxWM2YYsmQCRNuJgynizlfAQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688d6d3405f9-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu1583798a13866da842b5b1beeaf2d079
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 cart-fragments.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/frontend/ 3 KB
2 KB 25ms
25ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=3.6.5
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: bed0bd033705c33f1742d8fab2bfed8e945567319fd00e529838392eca49eac0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 485762
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fac7f000005bbd3939000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-b7c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AiRICSiMNhiVRenwxLMQDjeD6JPAD6cnY7U0tnodjjSelv5yIjqZpjH%2BZNGxe1%2FxMl09lRdlgpZGV%2FKOJXLccsletwl51qAN5U%2FDs0g%2BHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688d9aa505bb-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu15081cb28443f3b6d939a34ea406615a
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 skip-link-focus-fix.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/ 597 B
1 KB 21ms
20ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/skip-link-focus-fix.js?ver=20130115
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 1603064e2edd4b76a3a5a0e970b1b756000cfe0937c320cb6f223a08b43df0b2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910991
x-edge-location: defr
cf-polished: origSize=733
x-cache: MISS
cf-request-id: 079a5fac9600000625d3ad7000000001
last-modified: Fri, 21 Aug 2020 06:53:26 GMT
server: keycdn-engine
etag: W/"5f3f6f66-2dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cbvmlKTze9ETCuv1ASHVgyaZJ7gY86p0s4jFDRqusbO813R4y3W0UJjef82g8ZSlaHgn4ZCboijZVFR4TkQU2yjpEO2yPs6fRY2iulErhg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688db9ca0625-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu07e0d0db7a5f0de1d3e05c00b59a82d2
cf-bgj: minify

GET
H2 200 lip.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/pronto-lead-insights/js/ 3 KB
2 KB 23ms
23ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/pronto-lead-insights/js/lip.js?ver=20150324
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: f49cf987c70df95fda53db7399991e76854f8c5364a61d1b4532073ac60390da

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910991
x-edge-location: defr
cf-polished: origSize=5514
x-cache: MISS
cf-request-id: 079a5faca900001f2912058000000001
last-modified: Wed, 02 May 2018 02:30:14 GMT
server: keycdn-engine
etag: W/"5ae922b6-158a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Xo%2BMvMRI2rF%2FiPVBXMa8XXF%2BxZSb4olOgoQXlYg2beA7VhpteRmr3%2BZiTZtDkwbnI2Y20Bq0ST70H6gWJl%2BXSHjy7PYtJbwEEY3%2BJN7ckQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688dda961f29-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu92aae3f25e9ff772fb9d121412bcbae7
cf-bgj: minify

GET
H2 200 jetpack-carousel.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/_inc/build/carousel/ 27 KB
9 KB 24ms
24ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/_inc/build/carousel/jetpack-carousel.min.js?ver=20190102
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: a9261574e7afe310f6aad5c96c0fddd7a080e71839332d620348e98d0badcc14

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 564514
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5facc90000324ca432d000000001
last-modified: Mon, 16 Mar 2020 11:21:43 GMT
server: keycdn-engine
etag: W/"5e6f6147-6d82"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZkxBiRxb5Y4u%2FF56BFbNwpdjGCIcHjhnqBsaU6azjy2QhOXfApvDyznJQ8t%2FWBie3g%2FeHJv9oUOk2aqBa197eiZ1j%2Fe7P%2FFNE9vhIDVxTg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688e0e63324c-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuf6f1dcb0bb860fdfb6fa4173eb8d2fb1
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 wp-embed.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/ 1 KB
2 KB 23ms
23ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/wp-embed.min.js?ver=5.4.2
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910991
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5face10000c2c206ba0000000001
last-modified: Sat, 26 Oct 2019 00:17:07 GMT
server: keycdn-engine
etag: W/"5db39083-59a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=M49bKTKxtZqMsCZ6rIZ40LXXo14ZA4dqxqlb4%2BiGNqXMt5d%2FYLxdrhC2nNcKiv2q7sTzngmEefISG9wpzbaEHZXAqniEY6n0vVOBX3CRcw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688e381fc2c2-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu240e0d98c9e8fae394dc7db4083858f4
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 jquery.mmenu.all.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/jQuery.mmenu-master/dist/ 58 KB
15 KB 25ms
25ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/jQuery.mmenu-master/dist/jquery.mmenu.all.js
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 7a5417e5f6ca399b82350e9af08a68bf070facbad05754a61728b5eef22bb513

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 228986
x-edge-location: defr
cf-polished: origSize=62029
x-cache: MISS
cf-request-id: 079a5facf50000dfa97b0aa000000001
last-modified: Fri, 21 Aug 2020 06:53:26 GMT
server: keycdn-engine
etag: W/"5f3f6f66-f24d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XMM4EEj1AAWPJ7aOzySDIV1n%2Bcks4boLyvFD8NvSDs5sSiewwjTeJc46TSAFBpMyKmQHUV1OTECC85QHNbxcwjDM1%2BfqII6gk3CFmSgQPg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688e5e0adfa9-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu2bb61c0b4b4bbb15f60fba3dd6934289
cf-bgj: minify

GET
H2 200 imagehover.min.css
cdnjs.cloudflare.com/ajax/libs/imagehover.css/2.0.0/css/ 14 KB
2 KB 13ms
12ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/imagehover.css/2.0.0/css/imagehover.min.css

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc1f1d4f5acdfb2810a3f9f9a59e5e4c61949be5d662010cafa0569d256a4ba5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 517759
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 1891
cf-request-id: 079a5facf10000c2ae7f106000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:11 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e9f-36e2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aROr4ZmeMApVRE6gzyhg%2B64IVRZ9sTpXKJ0%2B060FfuxArx%2FnfRjpUmyQLv4DN17brnebBfnbr%2B%2FtTZwochG%2FkvaiGdpDGbsYMlbGwmjuxbkaIBgst9YyfmraXpQqBDAIgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 610a688e4aa7c2ae-FRA
expires: Sun, 02 Jan 2022 22:45:32 GMT

GET
H2 200 7001790.js Show response
js.hs-scripts.com/ 2 KB
944 B 168ms
149ms Script
application/javascript 2606:4700::6811:d3cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/7001790.js
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:d3cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ae6c9ac89f30e5843fe96637dfa5b27e7c9f4fab14ba19c269f9491a03e2517

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
x-trace: 2BB6643F916E2247A67B5817B53116154D7156B990000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-max-age: 3600
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 610a688ecc011f29-FRA
cf-request-id: 079a5fad3b00001f29358d3000000001
expires: Tue, 12 Jan 2021 22:46:32 GMT

GET
H2 200 bootstrap.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/bootstrap/js/ 27 KB
8 KB 23ms
22ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/bootstrap/js/bootstrap.min.js
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 54d21b0676784d0c983bbd4093898770adefa932d89b72c8afd88183a19172a7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 950004
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a5fad1000002c227e24a000000001
last-modified: Fri, 21 Aug 2020 06:53:21 GMT
server: keycdn-engine
etag: W/"5f3f6f61-6c4e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0b9GVUf2WTEjGgS6KVI%2FAgnrLlZJP6frU7LdhRCAgxXBIPREh3PLc1WQ3g2ekIC%2FckUEoDEa0z2KbQzeZ1VDNn8EX0QJc562Z0%2B2%2BwrkNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a688e7f992c22-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu55edd2d7fbb6dccb567c3a7a58313eca
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 main.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/ 4 KB
2 KB 34ms
27ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/main.js?1597992806
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 636018f811bfbce8cab219d03ac80cfa82ef88786f61c66057c4288923a8957f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 910991
x-edge-location: defr
cf-polished: origSize=5046
x-cache: MISS
cf-request-id: 079a5fad3900002b298110b000000001
last-modified: Fri, 21 Aug 2020 06:53:26 GMT
server: keycdn-engine
etag: W/"5f3f6f66-13b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=O1ZpcN1OfeBm5EXVLhcSdKmWHEsRrnN%2FUS%2BE8Waa2uH564R7bC5l%2B8Qv9rZxCYUPa2BMGItF4KqveOyvdouboeWjePccyPt%2FWt1CHNhHdA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
cf-ray: 610a688ecb992b29-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZud88a5da5e149cbc47f48770c2fd641dc
cf-bgj: minify

GET
H2 200 css
fonts.googleapis.com/ 3 KB
602 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Red+Hat+Text:400,400i,500,500i

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/?custom-css=79aff11e06

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0c3673eabdeb4f3b582d8b63b9743a1e8cac6525a1c1be066c863eb616b559c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 12 Jan 2021 22:45:32 GMT
server: ESF
date: Tue, 12 Jan 2021 22:45:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 12 Jan 2021 22:45:32 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 30 KB
12 KB 107ms
104ms Script
text/javascript 172.217.22.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-946879156

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s16-in-f34.1e100.net

Software

cafe /

Resource Hash

e1ec254792b6fe5cb168d2ce9cb1e35d15311d3b357b305a95cbfb12552477d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 12175
x-xss-protection: 0
server: cafe
etag: 17536051821503146167
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 12 Jan 2021 22:45:32 GMT

GET
H3-Q050 200 gtm.js Show response
www.googletagmanager.com/ 125 KB
45 KB 82ms
67ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TJZ7ZDM

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c116dfdc2eb24557130b164315e11fb315cb97980b6ca2789505cf254e63ffc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45692
x-xss-protection: 0
last-modified: Tue, 12 Jan 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Jan 2021 22:45:32 GMT

GET
H2 200 fa-brands-400.woff2
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/webfonts/ 74 KB
74 KB 42ms
28ms Font
application/font-woff2 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/webfonts/fa-brands-400.woff2
Requested by: Host: mk0graphus6hi9e9iec2.kinstacdn.com
URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/all.min.css?v=5.11.2-pro
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: b55616e4eada60d4e94a044efa03f45c3550056a0e93a55a993b0b85a7e7689b

Request headers

Origin: https://www.graphus.ai
Referer: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/all.min.css?v=5.11.2-pro
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 485762
x-edge-location: defr
x-cache: MISS
content-length: 75308
cf-request-id: 079a5fad510000d6d9320b7000000001
last-modified: Fri, 21 Aug 2020 06:53:25 GMT
server: keycdn-engine
etag: "5f3f6f65-1262c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0z%2F1%2FQVyLnPr1PFtyadONwiMhAj7spuyDgLmLtfQCC%2Bd%2F74JxtighTqxpYxrYwmmqJoSHJxUIlZR13knkxBuvHadUnSDEptDpm%2Fr%2BaDpmg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31556940
accept-ranges: bytes
cf-ray: 610a688eeff6d6d9-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuc7c96cc3d31b0e12c0c22953a7876779
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 fa-solid-900.woff2
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/webfonts/ 127 KB
128 KB 36ms
23ms Font
application/font-woff2 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/webfonts/fa-solid-900.woff2?v=5.11.2-pro
Requested by: Host: mk0graphus6hi9e9iec2.kinstacdn.com
URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/all.min.css?v=5.11.2-pro
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 0c103ae844c36c58f5947f4ffac0ef3edf1d447d0650fe33437071d3e13645ca

Request headers

Origin: https://www.graphus.ai
Referer: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/all.min.css?v=5.11.2-pro
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 32785
x-edge-location: defr
x-cache: MISS
content-length: 129832
cf-request-id: 079a5fad5200004a670a126000000001
last-modified: Fri, 21 Aug 2020 06:53:25 GMT
server: keycdn-engine
etag: "5f3f6f65-1fb28"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Egodtu2UPDZ%2F1NtikqZOKSj6frHIMP20KNQbFqhx1CaiZnke7x0xUVJSWYWFRO5k9K52dmevDJeEGCKnzWNhrrJaTPD1Ui7Ml913u9kIEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31556940
accept-ranges: bytes
cf-ray: 610a688eeb8a4a67-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu5c677b830ab68de4fda105fa2e21725b
expires: Thu, 13 Jan 2022 04:34:32 GMT

GET
H2 200 RrQXbohi_ic6B3yVSzGBrMxQaKctMc-JPQ.woff2
fonts.gstatic.com/s/redhattext/v3/ 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/redhattext/v3/RrQXbohi_ic6B3yVSzGBrMxQaKctMc-JPQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Red+Hat+Text:400,400i,500,500i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e74fb04398bed2d71dfcaa2b82bd3a80de47030039ed913b979fcb854279f43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.graphus.ai
Referer: https://fonts.googleapis.com/css?family=Red+Hat+Text:400,400i,500,500i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 06 Jan 2021 10:10:31 GMT
x-content-type-options: nosniff
last-modified: Thu, 23 Jul 2020 19:53:52 GMT
server: sffe
age: 563701
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11372
x-xss-protection: 0
expires: Thu, 06 Jan 2022 10:10:31 GMT

GET
H2 200 RrQIbohi_ic6B3yVSzGBrMxYm4Q4HO2EF1qELw.woff2
fonts.gstatic.com/s/redhattext/v3/ 11 KB
11 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/redhattext/v3/RrQIbohi_ic6B3yVSzGBrMxYm4Q4HO2EF1qELw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Red+Hat+Text:400,400i,500,500i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a257396a255bd839a4cbf9880aba23a6180107c2d1ca34c88a6aa22666bc86f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.graphus.ai
Referer: https://fonts.googleapis.com/css?family=Red+Hat+Text:400,400i,500,500i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 06:12:13 GMT
x-content-type-options: nosniff
last-modified: Thu, 23 Jul 2020 19:41:50 GMT
server: sffe
age: 59599
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11372
x-xss-protection: 0
expires: Wed, 12 Jan 2022 06:12:13 GMT

GET
H2 200 / Show response
app.prontomarketing.com/calls/api/ 129 B
394 B 256ms
256ms Script
text/html 2606:4700:20::681a:625
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.prontomarketing.com/calls/api/?site-api-key=0bf688261823&landing_page=https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/&referer=direct&utmz=&uuid=9e56e48e6e4e866e5d78e0aa4ae64232&keyword=&gclid=&campaign_params=https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Requested by: Host: app.prontomarketing.com
URL: https://app.prontomarketing.com/insights/0bf688261823/calltracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:625 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c054e7179817217fc8dc7d9812897b840a016435ff2d1f9fab86c8e50c20054b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Cookie
access-control-allow-methods: PUT, DELETE, GET, POST, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=T969W5ZpxN%2Bsv7clZYMBLyTn%2BVreuyAw8wiYwKibq1a8jwuodDSdJib1tWAPAA20ha7upehUG1vz6S6ozQy4vUpFA6ySxnKHwjvNTUTkoqwNP274Un6A5jb2sog4OjfNnvFOhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 610a688f3c922b89-FRA
cf-request-id: 079a5fad8600002b896ebe7000000001

POST
H2 200 / Show response
www.graphus.ai/ 210 B
1000 B 537ms
537ms XHR
application/json 2606:4700:20::681a:9a4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.graphus.ai/?wc-ajax=get_refreshed_fragments

Requested by

Host: mk0graphus6hi9e9iec2.kinstacdn.com
URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:9a4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e799d21e1116a135fcd10c071506f34b99cf79d93b5548199e1376f88b62434

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 12 Jan 2021 22:45:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-pingback: https://www.graphus.ai/xmlrpc.php
x-xss-protection: 1; mode=block
referrer-policy: same-origin
x-robots-tag: noindex
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MSFK%2FPowGgS7D5VT%2BpPbdFmtWIH8KMKfRqxFm22IU7vEeE4q0Py9VwN3MNiVBtGFf1Ir%2BT199%2B3fEQkEHkH9GmmLoJjVVxWxQvJKobcg4z%2F41z%2F7bqs1093x5g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.graphus.ai
cache-control: no-transform, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-request-id: 079a5fadb200000614cf09b000000001
cf-ray: 610a688f89950614-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu5e963aaa207616331dd5fce4712e4e89
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 masthead-resources-blog.jpg
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/12/ 138 KB
139 KB 27ms
26ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/12/masthead-resources-blog.jpg
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 1cd4b18f8fddf16ca9c669a335248863f3d8c07cedcce7a01d9ca2002a10d2e9

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 485762
x-edge-location: defr
x-cache: MISS
content-length: 141367
cf-request-id: 079a5fadd00000dff38d8d9000000001
last-modified: Wed, 04 Nov 2020 05:17:51 GMT
server: keycdn-engine
etag: "5fa2397f-22837"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=v0sE1jyDDVdEE8mIO4qagjp0lyH673UIQSdvVQrWgqk9Gyi5YGPuXXjnO63XuKKI9YJj73v6gMvEWtpj0zkkx9WOMWjX7vO3nzaIN5eLfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:34:32 GMT
cache-control: max-age=31556940
accept-ranges: bytes
cf-ray: 610a688fb9b2dff3-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZue092ab96cd113d9b55d14aa0e7802774
cf-bgj: h2pri

GET
H3-Q050 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:32:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 787
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 12 Jan 2021 23:32:25 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/946879156/ 2 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/946879156/?random=1610491532829&cv=9&fst=1610491532829&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oabu0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&tiba=Clever%20Phishing%20Attacks%20using%20Microsoft%20Forms%20Detected%20by%20Graphus%20-%20Graphus&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0044273dfd31ef9a2b77d6f261265c030de57fae43a569874a2b1b0a1385326

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1090
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 27 KB
9 KB 99ms
98ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJZ7ZDM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: gzip
last-modified: Tue, 20 Oct 2020 22:19:32 GMT
x-msedge-ref: Ref A: 70B0234A8EB74129B6E5783D08CA1D79 Ref B: FRAEDGE1517 Ref C: 2021-01-12T22:45:32Z
etag: "0b27f152fa7d61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8454

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 7ms
7ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJZ7ZDM
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 22:45:32 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=33624
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 55316wt066540.js Show response
tracker.marinsm.com/tracker/async/ 5 KB
2 KB 232ms
69ms Script
text/javascript 143.204.93.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracker.marinsm.com/tracker/async/55316wt066540.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJZ7ZDM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.93.97 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-93-97.fra50.r.cloudfront.net
Software: /
Resource Hash: cb42e7757a6c0bbf6da57ebcdaa34f6baab5aa0588d07b448cc2af5257be4a79

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 05:23:37 GMT
content-encoding: gzip
age: 62516
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
cache-control: max-age=172800
x-amz-cf-pop: FRA50-C1
x-marintrackerversion: 3
x-amz-cf-id: jIIuM1UnzOQD4byv3uLgdesTUZbBNVAV7zEyxWQ6hG-2QzBzY4rxbA==
expires: Tue, 12 Jan 2021 05:26:29 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 90 KB
23 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a8755954660f9bef43d2dc61d725f022a3115b81ae76a6af093ab18cfdfa5de7

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23366
x-fb-rlafr: 0
pragma: public
x-fb-debug: N7uj5pVNkt9Hae8WCO6xPB0RvKNiiA7l1hZlTLDHppB8INUgLZ2FhAXRRkJPjrWreYxkO88wgBBiA6nqXWjO/w==
x-fb-trip-id: 1527350943
x-frame-options: DENY
date: Tue, 12 Jan 2021 22:45:32 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 7001790.js Show response
js.hs-analytics.net/analytics/1610491500000/ 60 KB
18 KB 166ms
141ms Script
text/javascript 2606:4700::6811:44b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1610491500000/7001790.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7001790.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:44b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf9b3dd14557f08a03eca5a43cf8cf8574c1d26db5f40a702b72155e2ab09aee

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:33 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 7D9ED54EBFEAC74E
x-amz-server-side-encryption: AES256
cf-ray: 610a68906b0a2b22-FRA
x-amz-id-2: aUWrROIQcA3tFC8wojhoeNZAC2lLONBJ4gNEq5zTfF4MQzZqKEil9V60My6OgVt8+gWPbxUCeec=
last-modified: Mon, 14 Dec 2020 18:15:36 GMT
server: cloudflare
etag: W/"e2be30194fac1ae500fda0ac1cca321a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
cf-request-id: 079a5fae4500002b227e208000000001
content-type: text/javascript
expires: Tue, 12 Jan 2021 22:50:32 GMT

GET
H2 200 7001790.js Show response
js.hs-banner.com/ 54 KB
14 KB 31ms
15ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/7001790.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7001790.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d5f2599036b1712e667cef385c06899b50d259f731531a12fe8b1e1789df860

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=VybaVw==, md5=0CyTrYUpF6LRa9c5a1IRoQ==
date: Tue, 12 Jan 2021 22:45:32 GMT
content-encoding: br
cf-cache-status: HIT
age: 253
x-guploader-uploadid: ABg5-UyC7IHYS2pOAkiVhcexfXbNyPUh_F1x_NcK5fI5qtG5fpCbry8dArBSLrRQH7gzj5FLE9sIyWUT48O4CYJGV4c
x-goog-storage-class: STANDARD
access-control-max-age: 604800
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: text/javascript; charset=UTF-8
cf-request-id: 079a5fae3c0000e007ef1b0000000001
timing-allow-origin: *
last-modified: Tue, 05 Jan 2021 19:23:56 GMT
server: cloudflare
etag: W/"d02c93ad852917a2d16bd7396b5211a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-goog-generation: 1609874636493396
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
x-goog-stored-content-length: 55568
cf-ray: 610a68905998e007-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Tue, 12 Jan 2021 22:46:19 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 79 KB
20 KB 32ms
16ms Script
application/javascript 2606:4700::6811:eccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.usemessages.com/conversations-embed.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7001790.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:eccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c4a8449812bdaa9eb7ad78d92bc5a7a8b9071a71e93c943168db33daa0b35b3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
via: 1.1 ba82151bf51e4c722c5305c983d8b71e.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 291
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-embed/static-1.8100/bundles/project.js&cfRay=610a61707aea3240-IAD
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 079a5fae3c000005edbfbee000000001
last-modified: Mon, 11 Jan 2021 03:07:17 UTC
server: cloudflare
etag: W/"92086cc3e1c2a03230fa57be7e5a9883"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: B0kkCloaf1R6H4bItlrZbSQy4iYB_qIL
cache-control: max-age=600
x-hs-cache-status: EXPIRED
x-amz-cf-pop: IAD89-C3
cf-ray: 610a68905ba405ed-FRA
x-amz-cf-id: XoDgSegeM2A13A8TOhWpIXSLdOFo44-qOxIIQvYJz2keNJLPKTTbfg==

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 87 KB
25 KB 35ms
15ms Script
application/javascript 2606:4700::6811:7fab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7001790.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:7fab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad9e4318a5ffb02d153a7275ddc2a55a896e412e4c95e0cb48365b4c99501413

Request headers

Origin: https://www.graphus.ai
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
via: 1.1 4db130e87be66fce9731567ae0669c56.cloudfront.net (CloudFront)
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
age: 23421
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.206/bundles/project.js&cfRay=61082cbeda4cd70d-IAD
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 079a5fae4000002bca91114000000001
cf-ray: 610a68906e0c2bca-FRA
last-modified: Wed, 18 Nov 2020 03:17:23 UTC
server: cloudflare
etag: W/"8009c15ab0ddd537e87c8961e3793907"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: vK9VzhfTTqVFyznSA1saY0pwTd8plNRY
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: 3oseR_DR4zR-Kc39BKmzSM6tA27YpQNM02AYhywztbkWpU1nmmCaYg==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
88 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-92797871-1&cid=114032911.1610491533&jid=1375183329&gjid=1577226924&_gid=266312871.1610491533&_u=aSBCgUAjCAAAAE~&z=1744062927

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 12 Jan 2021 22:45:32 GMT
content-type: text/plain
access-control-allow-origin: https://www.graphus.ai
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
103 B 13ms
12ms XHR
text/plain 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1268228487&t=pageview&_s=1&dl=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&ul=en-us&de=UTF-8&dt=Clever%20Phishing%20Attacks%20using%20Microsoft%20Forms%20Detected%20by%20Graphus%20-%20Graphus&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=9347427.114032911.1610491533.1610491533.1610491533.1&_utmz=9347427.1610491533.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1610491532858&_u=aSDCAUAjCAAAAG~&jid=1130241771&gjid=1160327854&cid=114032911.1610491533&tid=UA-92797871-1&_gid=266312871.1610491533&_r=1&gtm=2wgbu0TJZ7ZDM&z=596104545

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 22:45:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.graphus.ai
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
86 B 6ms
6ms Image
image/gif 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1268228487&t=pageview&_s=1&dl=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&ul=en-us&de=UTF-8&dt=Clever%20Phishing%20Attacks%20using%20Microsoft%20Forms%20Detected%20by%20Graphus%20-%20Graphus&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=9347427.114032911.1610491533.1610491533.1610491533.1&_utmz=9347427.1610491533.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1610491532852&_u=aSBCgUAjC~&jid=1375183329&gjid=1577226924&cid=114032911.1610491533&tid=UA-92797871-1&_gid=266312871.1610491533&z=1965886712

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 09:43:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 46917
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
px.ads.linkedin.com/ 0
619 B 191ms
190ms Image
application/javascript 2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2731204&time=1610491532865&url=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: S/G9MoSdWRbwr6t25ioAAA==

GET
H2 200 /
www.google.com/pagead/1p-user-list/946879156/ 42 B
108 B 27ms
26ms Image
image/gif 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/946879156/?random=1610491532829&cv=9&fst=1610488800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oabu0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&tiba=Clever%20Phishing%20Attacks%20using%20Microsoft%20Forms%20Detected%20by%20Graphus%20-%20Graphus&async=1&fmt=3&is_vtc=1&random=514239312&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 22:45:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/946879156/ 42 B
108 B 24ms
23ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/946879156/?random=1610491532829&cv=9&fst=1610488800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oabu0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&tiba=Clever%20Phishing%20Attacks%20using%20Microsoft%20Forms%20Detected%20by%20Graphus%20-%20Graphus&async=1&fmt=3&is_vtc=1&random=514239312&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 22:45:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 716770535857542 Show response
connect.facebook.net/signals/config/ 241 KB
69 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/716770535857542?v=2.9.32&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e61e0b80cd3767298e5322977fc9ed14c4799f72dcdaa98b9da15e715c1dae4b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 70492
x-fb-rlafr: 0
pragma: public
x-fb-debug: 23kjlkvbQzzFW5/VprsPmDzl8UQMDsL1phx1N1PwdnusAzADMr0CMgQeAmxUr2+2hy8ccrcMope3v3A3YVv5vQ==
x-fb-trip-id: 1527350943
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 12 Jan 2021 22:45:32 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-content-id: 962016497
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 20ms
19ms Image
image/gif 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-92797871-1&cid=114032911.1610491533&jid=1375183329&_u=aSBCgUAjCAAAAE~&z=1364141521

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 22:45:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 18ms
18ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-92797871-1&cid=114032911.1610491533&jid=1375183329&_u=aSBCgUAjCAAAAE~&z=1364141521

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 22:45:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
424 B 41ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-92797871-1&cid=114032911.1610491533&jid=1130241771&gjid=1160327854&_gid=266312871.1610491533&_u=aSDCAUAjCAAAAG~&z=1613536204

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 12 Jan 2021 22:45:32 GMT
content-type: text/plain
access-control-allow-origin: https://www.graphus.ai
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 3 KB
2 KB 207ms
207ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=7001790&conversations-embed=static-1.8100&mobile=false&messagesUtk=d8ca0f56d7b24fe19fdabc6430c53a12&traceId=d8ca0f56d7b24fe19fdabc6430c53a12

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afee8c050ebbced8d88f5d865e725e1c9c83aacddacc9914942edf953cab005d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

X-HubSpot-Messages-Uri: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer

Response headers

date: Tue, 12 Jan 2021 22:45:33 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: DYNAMIC
content-length: 1414
cf-request-id: 079a5faef50000c26dda025000000001
server: cloudflare
x-trace: 2B7C6F7B6CE4A0E23411135D98F5ED14E8B3CFDA9F000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.graphus.ai
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
cf-ray: 610a68918860c26d-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 147ms
116ms Other
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-hubspot-messages-uri
Origin: https://www.graphus.ai
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 12 Jan 2021 22:45:33 GMT
content-type: text/plain; charset=utf-8
content-length: 18
x-trace: 2B2BCE84AB6E8B76A417EDE93FB82E1C80B37D4041000000000000000000
allow: HEAD,GET,OPTIONS
vary: Accept-Encoding
access-control-allow-credentials: false
access-control-allow-origin: https://www.graphus.ai
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
cf-cache-status: DYNAMIC
cf-request-id: 079a5fae800000c26d3ba9a000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 610a6890cf73c26d-FRA

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
261 B 17ms
17ms Image
image/gif 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-92797871-1&cid=114032911.1610491533&jid=1130241771&_u=aSDCAUAjCAAAAG~&z=1885053610

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 22:45:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.de/ads/ 42 B
483 B 45ms
31ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-92797871-1&cid=114032911.1610491533&jid=1130241771&_u=aSDCAUAjCAAAAG~&z=1885053610

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 22:45:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
forms.hubspot.com/collected-forms/v1/config/ 115 B
233 B 131ms
130ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/collected-forms/v1/config/json?portalId=7001790&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

801ad457ff9fe95e0eac0ba1303f3a12b0cd144482030d3d0a6b171e8fe106a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:33 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.graphus.ai
access-control-max-age: 180
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 610a6890df7ac26d-FRA
access-control-allow-headers: *
cf-request-id: 079a5fae830000c26de6151000000001

GET
H2 204 0
bat.bing.com/action/ 0
93 B 98ms
98ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=25141456&Ver=2&mid=d29f3746-87c3-4665-afd4-38418d0d45a6&sid=e0da7b60552711ebbb5c334e441be8c8&vid=e0daa510552711ebb7e2bb4a2f0d4bd7&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Clever%20Phishing%20Attacks%20using%20Microsoft%20Forms%20Detected%20by%20Graphus%20-%20Graphus&p=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&r=&lt=1149&evt=pageLoad&msclkid=N&sv=1&rn=631350
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 12 Jan 2021 22:45:32 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 5A28582EABC648D187FDA4DC08693F1C Ref B: FRAEDGE1517 Ref C: 2021-01-12T22:45:32Z
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
264 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=716770535857542&ev=PageView&dl=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&rl=&if=false&ts=1610491532963&sw=1600&sh=1200&v=2.9.32&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1610491532962.700855547&it=1610491532873&coo=false&rqm=GET

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:32 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 12 Jan 2021 22:45:32 GMT

GET
H2 200 tp
tracker.marinsm.com/ 36 B
466 B 68ms
68ms Image
image/gif 143.204.93.97
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tracker.marinsm.com/tp?act=1&cid=55316wt066540&tz=-1&ref=&page=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&uuid=79BBBCDB-A972-4191-9A5C-A935509F5D75&rnd=716698481
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.93.97 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-93-97.fra50.r.cloudfront.net
Software: /
Resource Hash: be4f754acf2dd33169add8976c1264f647470efdc993927040e23c4d310a835f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 22:45:33 GMT
via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
p3p: CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-cache
x-marintrackerversion: 3
content-length: 36
x-amz-cf-id: oLfLnhrPSewaKNHZchXda0z8OMVk86sYmpp_5AhFMyRQERHc6rk0SA==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
529 B 48ms
29ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2978788718&v=1.1&a=7001790&rcu=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&pu=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&t=Clever+Phishing+Attacks+using+Microsoft+Forms+Detected+by+Graphus+-+Graphus&cts=1610491533160&vi=0fc5fc6e9484d050bc541e52427c7497&nc=true&u=62118131.0fc5fc6e9484d050bc541e52427c7497.1610491533156.1610491533156.1610491533156.1&b=62118131.1.1610491533156

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray: 610a68925b7c1f55-FRA
date: Tue, 12 Jan 2021 22:45:33 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
content-length: 45
cf-request-id: 079a5faf7a00001f5581a56000000001
x-robots-tag: none

GET
H3-Q050 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
378 B 41ms
27ms Image
image/gif 2a00:1450:4001:814::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1147310724&utmhn=www.graphus.ai&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Clever%20Phishing%20Attacks%20using%20Microsoft%20Forms%20Detected%20by%20Graphus%20-%20Graphus&utmhid=1268228487&utmr=-&utmp=%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&utmht=1610491533166&utmac=_your_tracking_code_here_&utmcc=__utma%3D9347427.114032911.1610491533.1610491533.1610491533.1%3B%2B__utmz%3D9347427.1610491533.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1385291097&utmredir=1&utmmt=1&utmu=jAAAAAAAAAAAAAAAAAAAgAAE~

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:814::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 22:45:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 d8ca0f56d7b24fe19fdabc6430c53a12
app.hubspot.com/conversations-visitor/7001790/threads/utk/ Frame 2913 0
0 130ms
130ms Document
text/html 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/7001790/threads/utk/d8ca0f56d7b24fe19fdabc6430c53a12?uuid=f7d8f6a26ef94fe5ba0f0f5ba4a5b793&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=graphus.ai&inApp53=false&messagesUtk=d8ca0f56d7b24fe19fdabc6430c53a12&url=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: app.hubspot.com
:scheme: https
:path: /conversations-visitor/7001790/threads/utk/d8ca0f56d7b24fe19fdabc6430c53a12?uuid=f7d8f6a26ef94fe5ba0f0f5ba4a5b793&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=graphus.ai&inApp53=false&messagesUtk=d8ca0f56d7b24fe19fdabc6430c53a12&url=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:45:33 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d341caf937645729b242da9905f48a48f1610491533; expires=Thu, 11-Feb-21 22:45:33 GMT; path=/; domain=.hubspot.com; HttpOnly; SameSite=Lax
x-amz-replication-status: COMPLETED
last-modified: Mon, 11 Jan 2021 03:07:17 UTC
x-amz-server-side-encryption: AES256
x-amz-version-id: _LeBOKP64mZRNYul6syQsjR3RKnZrGGY
etag: W/"31b5db0185ce2e47d2bc07213fbc2d8c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 077b94dab77b8114aebf503be197d7d9.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C3
x-amz-cf-id: LRP3iyPpG9t4zL_VZ2mtVisjPnVVu3nTIgmNHoze10CE5CIv8zU3Ag==
age: 2594
access-control-allow-credentials: false
cache-control: max-age=600
x-hs-cache-status: MISS
cf-cache-status: DYNAMIC
cf-request-id: 079a5fafcf00001f55328e7000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 610a6892ec681f55-FRA
content-encoding: br

POST
H2 200 /
www.facebook.com/tr/ 0
78 B 6ms
5ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryANyNk0oqc2SuYTkL

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Tue, 12 Jan 2021 22:45:33 GMT
content-type: text/plain
access-control-allow-origin: https://www.graphus.ai
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

Verdicts & Comments Add Verdict or Comment

97 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.graphus.ai/	1970-01-19 15:21:33	Name: __hssc Value: 62118131.1.1610491533156
.graphus.ai/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.graphus.ai/	1970-01-20 00:43:07	Name: hubspotutk Value: 0fc5fc6e9484d050bc541e52427c7497
.graphus.ai/	1970-01-20 00:43:07	Name: __hstc Value: 62118131.0fc5fc6e9484d050bc541e52427c7497.1610491533156.1610491533156.1610491533156.1
.graphus.ai/	1970-01-20 00:07:07	Name: _msuuid_55316wt066540 Value: 79BBBCDB-A972-4191-9A5C-A935509F5D75
www.graphus.ai/	1969-12-31 23:59:59	Name: pc_calltracker_type Value:
.graphus.ai/	1970-01-19 17:31:07	Name: _fbp Value: fb.1.1610491532962.700855547
www.graphus.ai/	1969-12-31 23:59:59	Name: pc_swap_target_number Value:
.graphus.ai/	1970-01-20 08:52:43	Name: __utma Value: 9347427.114032911.1610491533.1610491533.1610491533.1
.graphus.ai/	1970-01-19 15:21:31	Name: _gat_UA-92797871-1 Value: 1
.graphus.ai/	1970-01-19 15:22:57	Name: _uetsid Value: e0da7b60552711ebbb5c334e441be8c8
.graphus.ai/	1970-01-19 15:21:31	Name: _gat Value: 1
.graphus.ai/	1970-01-19 17:31:07	Name: _gcl_au Value: 1.1.1395850211.1610491533
www.graphus.ai/	1969-12-31 23:59:59	Name: pc_replace_number Value:
.graphus.ai/	1970-01-20 08:52:43	Name: _ga Value: GA1.2.114032911.1610491533
.graphus.ai/	1970-01-19 15:22:57	Name: _gid Value: GA1.2.266312871.1610491533
www.graphus.ai/	1970-01-19 23:59:55	Name: pc_r Value:
.graphus.ai/	1969-12-31 23:59:59	Name: __utmc Value: 9347427
www.graphus.ai/	1969-12-31 23:59:59	Name: pc_sr Value:
.graphus.ai/	1970-01-19 19:44:19	Name: __utmz Value: 9347427.1610491533.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.graphus.ai/	1970-01-19 15:21:33	Name: __utmb Value: 9347427.0.10.1610491533
.graphus.ai/	1970-01-19 15:44:55	Name: _uetvid Value: e0daa510552711ebb7e2bb4a2f0d4bd7
.graphus.ai/	1970-01-19 16:04:43	Name: __cfduid Value: d1129f81196658848e86182ae8f3494ff1610491531
www.graphus.ai/	1970-01-19 23:59:55	Name: pc_lp Value: https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F
www.graphus.ai/	1970-01-20 00:07:07	Name: pc_uuid Value: 9e56e48e6e4e866e5d78e0aa4ae64232
www.graphus.ai/	1970-01-23 06:57:31	Name: mtsnb_lastvisit_posts Value: %5B6683%5D
www.graphus.ai/	1970-01-23 06:57:31	Name: mtsnb_lastvisited Value: 1610471261

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/pronto-sidebar-navigation/js/jquery.flexnav.js?ver=4.0(Line 4) Message: 1600

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubspot.com
app.hubspot.com
app.prontomarketing.com
bat.bing.com
cdnjs.cloudflare.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
googleads.g.doubleclick.net
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hscollectedforms.net
js.usemessages.com
mk0graphus6hi9e9iec2.kinstacdn.com
px.ads.linkedin.com
snap.licdn.com
ssl.google-analytics.com
stats.g.doubleclick.net
track.hubspot.com
tracker.marinsm.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.graphus.ai
143.204.93.97
172.217.22.34
2606:4700:20::681a:625
2606:4700:20::681a:9a4
2606:4700::6810:135e
2606:4700::6811:44b0
2606:4700::6811:7fab
2606:4700::6811:d3cc
2606:4700::6811:eccc
2606:4700::6812:14bf
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:c11::200
2a00:1450:4001:800::2003
2a00:1450:4001:800::2004
2a00:1450:4001:803::2002
2a00:1450:4001:80b::2008
2a00:1450:4001:814::2008
2a00:1450:4001:816::200e
2a00:1450:4001:818::2003
2a00:1450:4001:821::200a
2a00:1450:400c:c0c::9b
2a00:1450:400c:c0c::9c
2a02:26f0:6c00:28c::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:11:101::b93f:9005
2a0b:4d07:101::1
0c103ae844c36c58f5947f4ffac0ef3edf1d447d0650fe33437071d3e13645ca
0c4a8449812bdaa9eb7ad78d92bc5a7a8b9071a71e93c943168db33daa0b35b3
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
120aaf6681ca6d34a40c559779f0a0038582a79fce1b868ff901c94d27c89c72
124464c13e32b959d11d242e255edc0b27a09e164395fa248811770b44b0109c
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1603064e2edd4b76a3a5a0e970b1b756000cfe0937c320cb6f223a08b43df0b2
1ae6c9ac89f30e5843fe96637dfa5b27e7c9f4fab14ba19c269f9491a03e2517
1cbda21998b65e08a7e936114cabd7f7783d0f590dd6efdd58c7faa8b6e7b9aa
1cd4b18f8fddf16ca9c669a335248863f3d8c07cedcce7a01d9ca2002a10d2e9
1f188c3017f993444dc8c267139cd5dd9466e29b181ace0f310933aa9c704851
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2d8747d26eba68a46f768d99eebf4b4624a37b2a3bd83d4a6934939e62846972
2dc22200f64ece18c1413668318154e28f312752a9fcf9d989b8bfccf95632d0
2dc92af1aaaf0954db15cf0efbaaf2666836b12eaa76463a12bc05b9a3933eca
36ad0edaf88cb19e7cbdae22470c1f124f02fd5673bf6144c0a7a9f0a8fef987
36d80c738c6cd18bac18bf802dc6e377bdce7e53bdcf8c480dfb2479a99e298a
3e799d21e1116a135fcd10c071506f34b99cf79d93b5548199e1376f88b62434
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4c6d5ac4c77a0cd4dcae820b87afd1ee0b18a72bf0dd8f7de168fd307ac47041
4d5f2599036b1712e667cef385c06899b50d259f731531a12fe8b1e1789df860
4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515
50de09b0bb8d0ac656aa9b3a1e4ef58a3f2d1abd734cad68b0e12191e9d215ea
5302d7ef47b197c6cc07e5db5152dcce3b6886ac18f727875fe78ba8e8129224
54d21b0676784d0c983bbd4093898770adefa932d89b72c8afd88183a19172a7
5511eacc6e642b59d94adfac3eb12843934f6240712eae01e83902aec5fd5578
57d7a5b4baf5112c85fd5be59369f9a0158e727e679c726158095abaea3b11b8
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
636018f811bfbce8cab219d03ac80cfa82ef88786f61c66057c4288923a8957f
63d934bcb48d56ec401df6f62c0c5d65143b9498156c568d69a9641faf319feb
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
78b7e339a157dcfd478816c0b11e30b622716c383308390e49b9882c011881ab
7a5417e5f6ca399b82350e9af08a68bf070facbad05754a61728b5eef22bb513
7e74fb04398bed2d71dfcaa2b82bd3a80de47030039ed913b979fcb854279f43
801ad457ff9fe95e0eac0ba1303f3a12b0cd144482030d3d0a6b171e8fe106a2
80cf7fc74cf2cb9eab4f78fef7ed7cd7d4370c66b6129ffbd8f2c6ca66e5b6e8
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8511276a27014cf836b9ebaecd1e2ac49619482c9bcc3d0a080b56e64133348a
865621ac5f128903e5ff1561805a16ce4fd20938f62a4a6807876f78a6f0b92d
8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
96d33f532112177ede6bf262dcf6d0140dbe29f05a4595d17b0be4743205b5ea
a0044273dfd31ef9a2b77d6f261265c030de57fae43a569874a2b1b0a1385326
a257396a255bd839a4cbf9880aba23a6180107c2d1ca34c88a6aa22666bc86f5
a5307da44321773c9f46b34d756dcbd6cd427238e5cbad91cd2cf151513ec283
a8755954660f9bef43d2dc61d725f022a3115b81ae76a6af093ab18cfdfa5de7
a9261574e7afe310f6aad5c96c0fddd7a080e71839332d620348e98d0badcc14
ad9e4318a5ffb02d153a7275ddc2a55a896e412e4c95e0cb48365b4c99501413
afee8c050ebbced8d88f5d865e725e1c9c83aacddacc9914942edf953cab005d
b2724c5c9101f3ff26dae3f9dbcdd60b4ceb05a96c42b4c2e1f44d41646655a2
b2b9451a76a7231691850ca82d6d0f0b20bfc29bd268af6acf6a4d34891c6dac
b4a712748e001f973330b7a2f0087e68251839a5fb9160de94b48ce5102f9425
b55616e4eada60d4e94a044efa03f45c3550056a0e93a55a993b0b85a7e7689b
b8e149178358873942c6a434f9ae62dd952769a87c2abdf7e659c129acd398fd
bbe3bd0cb79c46e8c538921ca15b8ed864fb7a269e8378347e34f2af3b23cdf7
bc1f1d4f5acdfb2810a3f9f9a59e5e4c61949be5d662010cafa0569d256a4ba5
bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d
be4f754acf2dd33169add8976c1264f647470efdc993927040e23c4d310a835f
bed0bd033705c33f1742d8fab2bfed8e945567319fd00e529838392eca49eac0
c054e7179817217fc8dc7d9812897b840a016435ff2d1f9fab86c8e50c20054b
c116dfdc2eb24557130b164315e11fb315cb97980b6ca2789505cf254e63ffc8
c9b302155b6a82a3f166cf2e7f045a04d4fec13444ce93186fcbc72917a6e0cc
cb42e7757a6c0bbf6da57ebcdaa34f6baab5aa0588d07b448cc2af5257be4a79
cdc21e1d1c0a67812e193214ac25750e86d3e7d203ceece71cad72c0be2ca40c
cf9b3dd14557f08a03eca5a43cf8cf8574c1d26db5f40a702b72155e2ab09aee
da3b53cad6493e4bc3ebc4119f4ac0aaa836719a62badf32047a78efb5a794b0
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcc909dfd149ca19089d4203f5c47525c05a218e19e84dcb706db7059b7f4755
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0c3673eabdeb4f3b582d8b63b9743a1e8cac6525a1c1be066c863eb616b559c
e0cf6df0a8d235ad3220663bab035da5a790b064df4bfed4a36db73c383f354b
e1ec254792b6fe5cb168d2ce9cb1e35d15311d3b357b305a95cbfb12552477d0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e42a7af0f19adf1cf7d67e8fbecad6713ec9cde539f7dc5d134544366679e521
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e61e0b80cd3767298e5322977fc9ed14c4799f72dcdaa98b9da15e715c1dae4b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f430b2a77635a22fa47e90dbcfffb6e2bd754c387bfb4fd4ea1e2b65729678cc
f49cf987c70df95fda53db7399991e76854f8c5364a61d1b4532073ac60390da
f8bd598e9a7cb4a743d02b5106fff15bfb2a83a15ddf612b6e7345ac78ba88ef
fce0bd114c6868f5f6f9bbbba133543eae9fb06b3e30079a66234ebf5c1c1ca1

www.graphus.ai Open in urlscan Pro 2606:4700:20::681a:9a4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

93 Requests

100 %HTTPS

93 %IPv6

24 Domains

29 Subdomains

28 IPs

6 Countries

1173 kBTransfer

2654 kBSize

27 Cookies

6 Outgoing links

Redirected requests

93 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.graphus.ai Open in urlscan Pro
2606:4700:20::681a:9a4 Public Scan

Screenshot
Live screenshot

Full Image

93
Requests

100 %
HTTPS

93 %
IPv6

24
Domains

29
Subdomains

28
IPs

6
Countries

1173 kB
Transfer

2654 kB
Size

27
Cookies

93 HTTP transactions
0 data transactions