www.area1security.com Open in urlscan Pro
143.204.201.112 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Submission: On September 02 via api (September 2nd 2020, 5:42:42 am UTC) from DE

Summary HTTP 80 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 31 IPs in 6 countries across 26 domains to perform 80 HTTP transactions. The main IP is 143.204.201.112, located in Seattle, United States and belongs to AMAZON-02, US. The main domain is www.area1security.com.
TLS certificate: Issued by Amazon on November 13th 2019. Valid for: a year.

This is the only time www.area1security.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
34	143.204.201.112 143.204.201.112	16509 (AMAZON-02) (AMAZON-02)
3	68.232.35.12 68.232.35.12	15133 (EDGECAST) (EDGECAST)
2	2a03:b0c0:3:e... 2a03:b0c0:3:e0::32e:b001	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2a00:1450:400... 2a00:1450:4001:814::200a	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6811:4e6b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.93.80 104.16.93.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:1b:... 2a04:4e42:1b::621	54113 (FASTLY) (FASTLY)
2	143.204.201.78 143.204.201.78	16509 (AMAZON-02) (AMAZON-02)
1	104.111.250.173 104.111.250.173	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.14.109 151.101.14.109	54113 (FASTLY) (FASTLY)
2 4	2606:4700::68... 2606:4700::6810:7daf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.233.195.104 34.233.195.104	14618 (AMAZON-AES) (AMAZON-AES)
4	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
1	2a01:4a0:1338... 2a01:4a0:1338:28::c38a:ff0a	201011 (NETZBETRI...) (NETZBETRIEB-GMBH)
1	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:10c... 2a02:26f0:10c:396::19fd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1abe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1 2	38.65.9.115 38.65.9.115	174 (COGENT-174) (COGENT-174)
1	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
1	216.239.32.21 216.239.32.21	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
1 1	172.217.16.162 172.217.16.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:819::2003	15169 (GOOGLE) (GOOGLE)
1 4	104.111.214.206 104.111.214.206	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	108.128.108.140 108.128.108.140	16509 (AMAZON-02) (AMAZON-02)
1	63.32.63.32 63.32.63.32	16509 (AMAZON-02) (AMAZON-02)
80	31

34 143.204.201.112 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-112.fra53.r.cloudfront.net

www.area1security.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 68.232.35.12 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:b0c0:3:e0::32e:b001 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

plausible.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:4e6b (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.93.80 (United States)

ASN13335 (CLOUDFLARENET, US)

app-ab22.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::621 (Ascension Island)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.201.78 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-78.fra53.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.250.173 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-250-173.deploy.static.akamaitechnologies.com

origin.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.109 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

extend.vimeocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7daf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.233.195.104 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-233-195-104.compute-1.amazonaws.com

www.bugherd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4a0:1338:28::c38a:ff0a (Germany)

ASN201011 (NETZBETRIEB-GMBH, DE)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:396::19fd (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1abe (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 38.65.9.115 (United States) 1 redirects

ASN174 (COGENT-174, US)

e.acuityplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.32.21 (Los Gatos, United States)

ASN15169 (GOOGLE, US)
PTR: any-in-2015.1e100.net

ipinfo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.162 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s11-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.ee	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.111.214.206 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-214-206.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.128.108.140 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-108-140.eu-west-1.compute.amazonaws.com

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.63.32 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-63-32.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	area1security.com www.area1security.com	3 MB
6	googleapis.com ajax.googleapis.com maps.googleapis.com fonts.googleapis.com	152 KB
5	adroll.com 1 redirects s.adroll.com d.adroll.com	15 KB
5	gstatic.com fonts.gstatic.com www.gstatic.com	62 KB
4	unpkg.com 2 redirects unpkg.com	38 KB
4	cloudflare.com cdnjs.cloudflare.com	40 KB
3	acuityplatform.com 1 redirects origin.acuityplatform.com e.acuityplatform.com	3 KB
3	bizible.com cdn.bizible.com	34 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	typekit.net use.typekit.net p.typekit.net	1 KB
2	driftt.com js.driftt.com	45 KB
2	plausible.io plausible.io	1 KB
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	136 B
1	google.de www.google.de	106 B
1	google.com www.google.com	106 B
1	google.ee www.google.ee	577 B
1	googleadservices.com 1 redirects www.googleadservices.com	845 B
1	doubleclick.net stats.g.doubleclick.net	91 B
1	ipinfo.io ipinfo.io	476 B
1	g2crowd.com tracking.g2crowd.com	1 KB
1	googletagmanager.com www.googletagmanager.com	57 KB
1	bugherd.com www.bugherd.com	748 B
1	vimeocdn.com extend.vimeocdn.com	6 KB
1	jsdelivr.net cdn.jsdelivr.net	1 KB
1	marketo.com app-ab22.marketo.com	68 KB
0	twitter.com Failed platform.twitter.com Failed
80	26

	Domain	Requested by
34	www.area1security.com	www.area1security.com
4	s.adroll.com	1 redirects www.area1security.com s.adroll.com
4	maps.googleapis.com	www.area1security.com maps.googleapis.com
4	unpkg.com	2 redirects www.area1security.com
4	cdnjs.cloudflare.com	www.area1security.com www.googletagmanager.com
3	fonts.gstatic.com	fonts.googleapis.com
3	cdn.bizible.com	www.area1security.com cdn.bizible.com
2	www.gstatic.com	www.area1security.com www.gstatic.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	e.acuityplatform.com	1 redirects www.area1security.com
2	js.driftt.com	www.area1security.com js.driftt.com
2	plausible.io	www.area1security.com plausible.io
1	d.adroll.com
1	d.adroll.mgr.consensu.org	1 redirects
1	www.google.de	www.area1security.com
1	www.google.com	www.area1security.com
1	www.google.ee	www.area1security.com
1	www.googleadservices.com	1 redirects
1	stats.g.doubleclick.net	www.google-analytics.com
1	ipinfo.io	www.googletagmanager.com
1	tracking.g2crowd.com	www.area1security.com
1	www.googletagmanager.com	www.area1security.com
1	p.typekit.net	use.typekit.net
1	fonts.googleapis.com	www.area1security.com
1	use.typekit.net	www.area1security.com
1	www.bugherd.com	www.area1security.com
1	extend.vimeocdn.com	www.area1security.com
1	origin.acuityplatform.com	www.area1security.com
1	cdn.jsdelivr.net	www.area1security.com
1	app-ab22.marketo.com	www.area1security.com
1	ajax.googleapis.com	www.area1security.com
0	platform.twitter.com Failed	www.area1security.com
80	32

This site contains links to these domains. Also see Links.

Domain
www.g2.com
www.facebook.com
twitter.com
www.linkedin.com
www.aha.org
www.youtube.com
www.instagram.com

Subject Issuer	Validity	Valid
area1security.com Amazon	`2019-11-13` - `2020-12-13`	a year	crt.sh
io.bizible.com DigiCert SHA2 Secure Server CA	`2020-08-14` - `2022-02-18`	2 years	crt.sh
plausible.io Let's Encrypt Authority X3	`2020-07-21` - `2020-10-19`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
cdnjs.cloudflare.com DigiCert ECC Secure Server CA	`2020-08-12` - `2022-08-17`	2 years	crt.sh
app-ab22.marketo.com Cloudflare Inc ECC CA-3	`2020-07-09` - `2021-07-09`	a year	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-08-17` - `2021-04-17`	8 months	crt.sh
drift.com Amazon	`2019-10-03` - `2020-11-03`	a year	crt.sh
*.acuityplatform.com DigiCert Secure Site ECC CA-1	`2020-04-14` - `2021-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-02` - `2021-08-02`	a year	crt.sh
assets.bugherd.com Let's Encrypt Authority X3	`2020-08-11` - `2020-11-09`	3 months	crt.sh
use.typekit.net DigiCert SHA2 Secure Server CA	`2020-01-28` - `2022-02-01`	2 years	crt.sh
*.typekit.net DigiCert SHA2 Secure Server CA	`2019-12-06` - `2021-12-10`	2 years	crt.sh
*.gstatic.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.g2crowd.com Sectigo ECC Domain Validation Secure Server CA	`2020-08-30` - `2021-09-28`	a year	crt.sh
ipinfo.io GTS CA 1D2	`2020-07-31` - `2020-10-29`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.google.ee GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2019-11-06` - `2020-12-06`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Frame ID: 1B4A2FDF7D4C95BF23CAD122CB99B748
Requests: 79 HTTP requests in this frame

Frame: https://js.driftt.com/deploy/assets/index.html
Frame ID: D2B9F2A522270B2F6B2439F1AB63F6CA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i
headers server /^AmazonS3$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon S3 (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Page Statistics

80
Requests

99 %
HTTPS

59 %
IPv6

26
Domains

32
Subdomains

31
IPs

6
Countries

3924 kB
Transfer

4879 kB
Size

10
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://www.g2.com/products/area-1-security/reviews
Title: Customer Reviews

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=/blog/facemask-phishing-agent-tesla-malware/&t=%E2%80%9CFace%20Mask%20Manufacturer%E2%80%9D%20Supplies%20Agent%20Tesla%20Malware

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=/blog/facemask-phishing-agent-tesla-malware/&via=%E2%80%9CFace%20Mask%20Manufacturer%E2%80%9D%20Supplies%20Agent%20Tesla%20Malware
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite?mini=true&url=/blog/facemask-phishing-agent-tesla-malware/&via=%E2%80%9CFace%20Mask%20Manufacturer%E2%80%9D%20Supplies%20Agent%20Tesla%20Malware
Title:

Search URL Search Domain Scan URL

URL: https://www.aha.org/standardsguidelines/2020-06-16-hc3-sector-note-tlp-white-remote-access-trojan-agent-tesla-targets
Title: Agent Tesla malware

Search URL Search Domain Scan URL

URL: https://twitter.com/area1security

Search URL Search Domain Scan URL

URL: https://www.facebook.com/A1S.Area1/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/area-1-security

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC4SryCvqE_xUiHsoNN-oqyA

Search URL Search Domain Scan URL

URL: https://www.instagram.com/area1security/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

https://unpkg.com/swiper/swiper-bundle.min.css HTTP 302
https://unpkg.com/swiper@6.1.2/swiper-bundle.min.css

Request Chain 16

https://unpkg.com/swiper/swiper-bundle.min.js HTTP 302
https://unpkg.com/swiper@6.1.2/swiper-bundle.min.js

Request Chain 53

https://e.acuityplatform.com/pj?pk=2500522576298312265&pu=https%3A%2F%2Fwww.area1security.com%2Fblog%2Ffacemask-phishing-agent-tesla-malware%2F HTTP 302
https://e.acuityplatform.com/pj?auidchint=true&pk=2500522576298312265&pu=https%3A%2F%2Fwww.area1security.com%2Fblog%2Ffacemask-phishing-agent-tesla-malware%2F

Request Chain 63

https://www.googleadservices.com/pagead/conversion/923313590/wcm?cc=ZZ&dn=6504919371&cl=00ozCIOi-IQBELbLorgD&ct_eid=2 HTTP 302
https://www.google.ee/pagead/attribution/wcm?cc=ZZ&dn=6504919371&cl=00ozCIOi-IQBELbLorgD

Request Chain 73

https://s.adroll.com/j/exp/5EGGX7PHUFEY7N5HSUGQQ4/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 75

https://d.adroll.mgr.consensu.org/consent/iabcheck/5EGGX7PHUFEY7N5HSUGQQ4?_s=50962a21f0111ff2cc18fe7d77b01ec8&_b=2 HTTP 302
https://d.adroll.com/consent/check/5EGGX7PHUFEY7N5HSUGQQ4/?_s=50962a21f0111ff2cc18fe7d77b01ec8&_b=2

80 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.area1security.com/blog/facemask-phishing-agent-tesla-malware/ 115 KB
116 KB 188ms
57ms Document
text/html 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dee9786deab0a53e5109e81c2960f6ca3deb3394281982b3101709f82fb27889

Request headers

Host: www.area1security.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: text/html
Content-Length: 117988
Connection: keep-alive
Date: Wed, 02 Sep 2020 04:11:16 GMT
x-amz-meta-s3cmd-attrs: md5:5534815206ad3dbc46eb575c5d92b18f
Last-Modified: Wed, 02 Sep 2020 03:35:09 GMT
ETag: "5534815206ad3dbc46eb575c5d92b18f"
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
X-Amz-Cf-Id: ufOxSd8rloXqGZN4tRlexKIWBduP-22pbxKnjv3tJxdb-F2jqpVZhw==
Age: 5468

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 87 KB
34 KB 134ms
33ms Script
application/x-javascript 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (ska/F711) /
Resource Hash: 88f3613cc7a3e8c61b186ee57a7756866d403c26ff2daa58f4c7583a7523f0c2

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:25 GMT
content-encoding: gzip
last-modified: Fri, 21 Aug 2020 20:23:09 GMT
server: ECS (ska/F711)
age: 370931
etag: "3057b0e2f877d61:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
accept-ranges: bytes
content-length: 34210

GET
H2 200 plausible.js Show response
plausible.io/js/ 1 KB
927 B 33ms
6ms Script
application/javascript 2a03:b0c0:3:e0::32e:b001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://plausible.io/js/plausible.js
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:b0c0:3:e0::32e:b001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Netlify /
Resource Hash: 39555ed037572180eddda8068769232bd89aae9a568de4d986f4157bf78f7a98

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nf-request-id: d4549649-de62-4fa8-91aa-ae65b1ab99fa-2561032
date: Wed, 02 Sep 2020 05:20:46 GMT
content-encoding: gzip
server: Netlify
age: 1299
status: 200
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=3600,public
access-control-allow-credentials: true
content-length: 673
x-request-id: FjDf5ietuC1xtqoGtWkx

GET
H/1.1 200
OK style.min.css
www.area1security.com/wp-includes/css/dist/block-library/ 53 KB
53 KB 120ms
63ms Stylesheet
text/css 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.area1security.com/wp-includes/css/dist/block-library/style.min.css
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 04:34:27 GMT
Via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:40:03 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:2e7e1d1c1d4d446a1b6b63295757d859
Age: 4079
ETag: "2e7e1d1c1d4d446a1b6b63295757d859"
X-Cache: Hit from cloudfront
Content-Type: text/css
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 53907
X-Amz-Cf-Id: dnlYPOilL_Ahy39TLxoRfeJbHIKZ3mg3OGYwB1x7tQWp4aIIytj7eA==

GET
H/1.1 200
OK algolia-autocomplete.css
www.area1security.com/wp-content/plugins/search-by-algolia-instant-relevant-results/css/ 3 KB
4 KB 179ms
58ms Stylesheet
text/css 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.area1security.com/wp-content/plugins/search-by-algolia-instant-relevant-results/css/algolia-autocomplete.css
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4b7e34f6fe214525b816bd5841acc8674451cec6e4aa6c8128c2cba74727dd08

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:50:09 GMT
Via: 1.1 997f66fda0069dac50a85c7a4fa51b7e.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:35:36 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:ab7b90fcc49dbe4c4a14e81f93361078
Age: 6737
ETag: "ab7b90fcc49dbe4c4a14e81f93361078"
X-Cache: Hit from cloudfront
Content-Type: text/css
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 3157
X-Amz-Cf-Id: xDBmWuUrajYrrsYPG61YPewzz0-lqzqG1EitSQHFCRQWEr3d8dCZ8Q==

GET
H/1.1 200
OK master.css
www.area1security.com/wp-content/themes/area1/assets/build/ 927 KB
927 KB 184ms
63ms Stylesheet
text/css 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.area1security.com/wp-content/themes/area1/assets/build/master.css
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a8e4e3eceb034a66e103798983000bbc02350060f12fd33faaa0145c25ae4b6f

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:52:42 GMT
Via: 1.1 0cbb1ca51bf146be48b40804581e4466.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:35:36 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:95394a20296bbb65d3901ca071696cf1
Age: 6584
ETag: "95394a20296bbb65d3901ca071696cf1"
X-Cache: Hit from cloudfront
Content-Type: text/css
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 948991
X-Amz-Cf-Id: gpHoluDVNKn6PAa48xSJsdgxknFwLGZ4A1QiHpbIsQvrN4J5aBvVCg==

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
29 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 11:04:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 153494
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 31 Aug 2021 11:04:10 GMT

GET
H/1.1 200
OK header-325a1b56c604baa312ca1f7d9f1339a5079298f4.min.js Show response
www.area1security.com/wp-content/uploads/cache/fvm/1597857460/out/ 129 KB
130 KB 178ms
57ms Script
application/javascript 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.area1security.com/wp-content/uploads/cache/fvm/1597857460/out/header-325a1b56c604baa312ca1f7d9f1339a5079298f4.min.js
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5ef4c4ccacade0c817a7daff8143dabf292bce6af2e9a7c7fa09b8e5f98e6beb

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:50:09 GMT
Via: 1.1 1764af62d635a1a6ee51aabc37405452.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:41:15 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:8da8c62bb3f39d8094129511b4a33f9a
Age: 6737
ETag: "8da8c62bb3f39d8094129511b4a33f9a"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 132320
X-Amz-Cf-Id: UL5BJT3gU6_8xcfjLpdfDskYt19iVm6w5zR4x43EmGcMxmUTJFDtWQ==

GET
H2 200 TweenMax.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/latest/ 105 KB
31 KB 17ms
16ms Script
application/javascript 2606:4700::6811:4e6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/latest/TweenMax.min.js

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4e6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:24 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 553375
x-via: cfworker/kv
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 31378
cf-request-id: 04eeef89d20000bee779a02200000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
etag: "5eb03e71-1a5b9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5cc4e8561aafbee7-FRA
expires: Mon, 23 Aug 2021 05:42:24 GMT

GET
H2 200 countUp.js Show response
cdnjs.cloudflare.com/ajax/libs/countup.js/1.9.3/ 8 KB
2 KB 19ms
18ms Script
application/javascript 2606:4700::6811:4e6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/countup.js/1.9.3/countUp.js

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4e6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

733a018cb334354fff1d8ae52623d5669bd4df4da01ceb0912a352361ba14247

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:24 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 724462
x-via: cfworker/kv
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2161
cf-request-id: 04eeef89d30000bee779a03200000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
etag: "5eb03e2d-1eb4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5cc4e8561ab0bee7-FRA
expires: Mon, 23 Aug 2021 05:42:24 GMT

GET
H2 200 forms2.min.js Show response
app-ab22.marketo.com/js/forms2/js/ 205 KB
68 KB 128ms
49ms Script
application/x-javascript 104.16.93.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-ab22.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.93.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f24c51a94a931f1bdd7c3dacc9ebb3848305f5eb5a3feddf0b01227f6c778c17

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4453
status: 200
cf-request-id: 04eeef8a3100000d461d201200000001
last-modified: Wed, 22 Jul 2020 19:04:14 GMT
server: cloudflare
etag: "1fa05b3-33237-5ab0c67dc4780"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 5cc4e856bbb30d46-ARN
expires: Wed, 02 Sep 2020 09:42:25 GMT

GET
H2 200 bodyScrollLock.min.js Show response
cdn.jsdelivr.net/npm/body-scroll-lock@2.6.4/lib/ 3 KB
1 KB 22ms
7ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/body-scroll-lock@2.6.4/lib/bodyScrollLock.min.js

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2619bdf0e0a9d79b74fed1389ca2d3da61f0818813b76c31a626459f83d5d48c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 2990404
x-cache: HIT, HIT
status: 200
content-length: 1092
etag: W/"b16-+ZeUwjFQYs11QXRwbyaN7RGUvVA"
x-served-by: cache-fra19160-FRA, cache-hhn4066-HHN
date: Wed, 02 Sep 2020 05:42:24 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 bfys9szbrt7k.js Show response
js.driftt.com/include/1599025500000/ 137 KB
45 KB 346ms
177ms Script
application/javascript 143.204.201.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1599025500000/bfys9szbrt7k.js

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.201.78 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-201-78.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

aa371b695a477025f6fd48693baea5a6ed0ff4eb71c5a660d854e543b2370013

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
etag: "c0ffecccae38fb92e490ef3de88a7ffe"
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 27 Aug 2020 14:41:50 GMT
server: nginx
date: Wed, 02 Sep 2020 05:42:25 GMT
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=UTF-8
via: 1.1 269bfdd288bfea5423a4e9e701777da6.cloudfront.net (CloudFront)
cache-control: max-age=10
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: AWZfsbyEJ6-cinmOzO8RWBc1t4Z_i8nDyQnb24acJCshFPxFG7NMSg==

GET
H/1.1 200
OK pixel.js Show response
origin.acuityplatform.com/event/v2/ 2 KB
2 KB 184ms
58ms Script
application/javascript 104.111.250.173
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://origin.acuityplatform.com/event/v2/pixel.js
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.250.173 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-250-173.deploy.static.akamaitechnologies.com
Software: nginx/1.14.0 /
Resource Hash: 5045053467f4f14f1e1528436abe19003a7e7af0dd57229b466269310836a0ff

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 05:42:25 GMT
Last-Modified: Fri, 05 Jun 2020 17:02:03 GMT
Server: nginx/1.14.0
ETag: "5eda7a8b-7d0"
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2000

GET
H2 200 104892217.js Show response
extend.vimeocdn.com/ga/ 17 KB
6 KB 174ms
54ms Script
text/javascript 151.101.14.109
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://extend.vimeocdn.com/ga/104892217.js
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: b2b2ad1d953b1341442dca10555ebf44343c74fa9755492be52bf521f61dab11

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:25 GMT
content-encoding: gzip
age: 5371595
x-cache: HIT
status: 200
x-cache-hits: 182172
content-length: 5672
x-served-by: cache-fra19160-FRA
x-vimeo-dc: ge
last-modified: Mon, 29 Jun 2020 23:08:13 GMT
server: Apache
x-timer: S1599025346.644202,VS0,VE0
etag: "43cc-5a94122101140"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
via: 1.1 varnish
cache-control: max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 30 Jun 2030 01:35:50 GMT

GET
H/1.1 200
OK custom.js Show response
www.area1security.com/wp-content/themes/area1/assets/js/application/pages/ 7 KB
8 KB 157ms
58ms Script
application/javascript 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.area1security.com/wp-content/themes/area1/assets/js/application/pages/custom.js
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c8682ca9402570a1e7e6f328863f83d65f5e0e1c6889b4eec5bccf91b76772f2

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:52:42 GMT
Via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:35:40 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:c3d3ee6ce3ff4744af73bd845bf93da9
Age: 6584
ETag: "c3d3ee6ce3ff4744af73bd845bf93da9"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 7623
X-Amz-Cf-Id: nUFj7jFBuRpzTOgP1Th7-TSXlo9m37I4S3oWJ_9eNA1OjyNgiQlSqw==

GET
H2

200

swiper-bundle.min.css
unpkg.com/swiper@6.1.2/
Redirect Chain

https://unpkg.com/swiper/swiper-bundle.min.css
https://unpkg.com/swiper@6.1.2/swiper-bundle.min.css

13 KB
4 KB

15ms
15ms

Stylesheet
text/css

2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@6.1.2/swiper-bundle.min.css

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c68b3a2bc163ca82bf5221378bc6f13725c5d78adfe7a2cea35b994f873604ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1353061
status: 200
vary: Accept-Encoding
cf-request-id: 04eeef8a0400001f51b3270200000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"356f-h9vq/gejmdg+2qRWfOyKcYc0Y2w"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: f09f3a6e9fffb21481495549a7562b0a
cache-control: public, max-age=31536000
cf-ray: 5cc4e8566c741f51-FRA

Redirect headers

date: Wed, 02 Sep 2020 05:42:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 433
status: 302
vary: Accept, Accept-Encoding
content-length: 57
cf-request-id: 04eeef89f500001f51b326b200000001
access-control-allow-origin: *
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
location: /swiper@6.1.2/swiper-bundle.min.css
x-cloud-trace-context: c3942029490ba018f11ed2f2f48adf8e
cache-control: public, s-maxage=600, max-age=60
cf-ray: 5cc4e8565c421f51-FRA

GET
H2

200

swiper-bundle.min.js Show response
unpkg.com/swiper@6.1.2/
Redirect Chain

https://unpkg.com/swiper/swiper-bundle.min.js
https://unpkg.com/swiper@6.1.2/swiper-bundle.min.js

136 KB
34 KB

20ms
20ms

Script
application/javascript

2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@6.1.2/swiper-bundle.min.js

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9eb2d2c83a3bed04a30a59334e036b69b600fd8e7095301b10bf0d077780cf89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1353423
status: 200
vary: Accept-Encoding
cf-request-id: 04eeef8a0200001f51b326f200000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"2207e-bL9DMp6M74kM16t2NmsY3731DSM"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 7c8ef981854a35b0764debc53d69a564
cache-control: public, max-age=31536000
cf-ray: 5cc4e8566c6d1f51-FRA

Redirect headers

date: Wed, 02 Sep 2020 05:42:25 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 465
status: 302
vary: Accept, Accept-Encoding
content-length: 56
cf-request-id: 04eeef89f600001f51b326c200000001
access-control-allow-origin: *
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
location: /swiper@6.1.2/swiper-bundle.min.js
x-cloud-trace-context: 6574d3574a93b6047a2b3c28f52fc8c3
cache-control: public, s-maxage=600, max-age=60
cf-ray: 5cc4e8565c441f51-FRA

GET
H/1.1 200
OK sidebarv2.js Show response
www.bugherd.com/ 43 B
748 B 435ms
153ms Script
text/javascript 34.233.195.104
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bugherd.com/sidebarv2.js?apikey=neidmqorvyga4b32tw22og

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.233.195.104 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-233-195-104.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

6faed0e4b708dd466ed2caf20a877b4b99ce8f938d31caa3af6f70772ba641ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 05:42:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
P3p: CP="NOI ADM DEV COM NAV OUR STP"
Connection: close
X-Xss-Protection: 1; mode=block
X-Request-Id: 311f63db-2e2a-4397-b7bf-cf80518ea5cc
X-Runtime: 0.012890
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
X-Frame-Options: SAMEORIGIN
Etag: W/"308316c85eb1f76b50d541843bc2e114"
X-Download-Options: noopen
Vary: Accept-Encoding
Strict-Transport-Security: max-age=0; includeSubDomains
Content-Type: text/javascript; charset=utf-8
Via: 1.1 vegur
Cache-Control: max-age=0, private, must-revalidate

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 119 KB
40 KB 61ms
41ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?key=AIzaSyC3BnZKCuaAaz825HOTZkCjU9fD7mq_afU

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

ee4f681e59fd6914515c936cd2784d2ce244b8f6b243a500bfc6fed1c7665360

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:25 GMT
content-encoding: gzip
vary: Accept-Language
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=1800
server-timing: gfet4t7; dur=28
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40277
x-xss-protection: 0
expires: Wed, 02 Sep 2020 06:12:25 GMT

GET
H/1.1 200
OK brand-logo-mobile.svg
www.area1security.com/wp-content/themes/area1/assets/img/ 8 KB
9 KB 67ms
64ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/themes/area1/assets/img/brand-logo-mobile.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d7c57bbba53cf17f400ffd55936b86d5233b8d5a4c1908c350f3686db0345a10

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:50:12 GMT
Via: 1.1 1764af62d635a1a6ee51aabc37405452.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:35:37 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:97e3b9205ecbf20ab821ba1a11028a9e
Age: 6734
ETag: "97e3b9205ecbf20ab821ba1a11028a9e"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 8213
X-Amz-Cf-Id: 9wyRXSmWSwFXITCP8oCRdo8ljSI2Yas52t5CO8DDeVzlVYF6Bi4E1w==

GET
H/1.1 200
OK close-mobile-icon.svg
www.area1security.com/wp-content/themes/area1/assets/img/ 967 B
1 KB 67ms
64ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/themes/area1/assets/img/close-mobile-icon.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 160d3073c32a64cf6178c0cd578fbb4c3b7ec3c7de23050569ddc09ffc8bfc62

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:50:12 GMT
Via: 1.1 0cbb1ca51bf146be48b40804581e4466.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:35:38 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:24073c619aeb707988d619b98f062a88
Age: 6734
ETag: "24073c619aeb707988d619b98f062a88"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 967
X-Amz-Cf-Id: wovRiYLTE8Jk7H2r-qkAqkXPK1v2BQv5bLGzrTPJK01lmKwNZAM7vA==

GET
H/1.1 200
OK search-icon.svg
www.area1security.com/wp-content/themes/area1/assets/img/ 1 KB
2 KB 67ms
65ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/themes/area1/assets/img/search-icon.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 902eeb8fc01d3fd4ac0f3f806cd580b3cc16c36a6480b8dfdeae6dad63043715

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:50:12 GMT
Via: 1.1 997f66fda0069dac50a85c7a4fa51b7e.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:35:39 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:519180c15f1eb26428a833cb89c26bcb
Age: 6734
ETag: "519180c15f1eb26428a833cb89c26bcb"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 1059
X-Amz-Cf-Id: Jl00wVfDoxSLk8wBGuGv5bYbqx66ZyAJzRTthCsoV4XI4W3XvCDzbQ==

GET
H/1.1 200
OK meganav-icon.svg
www.area1security.com/wp-content/uploads/2020/03/ 3 KB
4 KB 67ms
65ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2020/03/meganav-icon.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d1d88346db141ccc4f154bf8fd2720c480d49c360c71187ad3c905d08c9d91e9

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:50:12 GMT
Via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:39:08 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:fe079c6030f87e93b5fc8c4a18ef319c
Age: 6734
ETag: "fe079c6030f87e93b5fc8c4a18ef319c"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 3521
X-Amz-Cf-Id: 1wCmFTVuHsqTCrjEsjpXmUq4vSgnJGz9UkgAJvoqqSKGJ_zoKmcSNw==

GET
H/1.1 200
OK BlogBanners_Accoutability_is_Security_2500x1000Vector.svg
www.area1security.com/wp-content/uploads/2020/04/ 72 KB
72 KB 69ms
67ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2020/04/BlogBanners_Accoutability_is_Security_2500x1000Vector.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a6cf21760088135a787f8aaddbea178f325327e55076c54495e610678ab0dea4

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:50:12 GMT
Via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:39:09 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:9d555570a903df354d6cd3cf82713531
Age: 6734
ETag: "9d555570a903df354d6cd3cf82713531"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 73401
X-Amz-Cf-Id: ZEMsFtjdJKlfHKe5qs_DgD8mlnHMFqN1m6cNuBfoaYiuDKb8euClEA==

GET
H/1.1 200
OK DigitalAds_SecurityHappyHour_300x250_3.jpg
www.area1security.com/wp-content/uploads/2020/05/ 30 KB
31 KB 73ms
71ms Image
image/jpeg 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2020/05/DigitalAds_SecurityHappyHour_300x250_3.jpg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7fd06fb2eb7b4eb5e58555d3530b61e34426ac7a641324a43b51c33a4064c7c1

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:50:12 GMT
Via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:39:17 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:4850a873d995ceb81331975ca77563da
Age: 6734
ETag: "4850a873d995ceb81331975ca77563da"
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 31163
X-Amz-Cf-Id: 6-ZREl6Epve9DyQQylIRxKBiGabZGtcW75cWX2V6BQyDtXthYE_n1w==

GET
H/1.1 200
OK contact-us-icon.svg
www.area1security.com/wp-content/uploads/2020/03/ 4 KB
5 KB 61ms
59ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2020/03/contact-us-icon.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3eb5e7f43e997718971765eb7c33b0b602a52476bbf0c343658f21c8470a79e1

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 05:21:04 GMT
Via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:39:08 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:bdffc7d86e99863a7ce711fa3858b4bc
Age: 1282
ETag: "bdffc7d86e99863a7ce711fa3858b4bc"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 4173
X-Amz-Cf-Id: 9_1IF8ueFyrulp0UC-OZsW3fPTsIsw1y85NSKtLvNbTXgPVuzr0PhQ==

GET
H/1.1 200
OK area-1-logo-dark.svg
www.area1security.com/wp-content/themes/area1/assets/img/ 6 KB
7 KB 63ms
61ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/themes/area1/assets/img/area-1-logo-dark.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1e66fe239f6b4f42c0afc170d9b871052bc18e8b6845a90c6102feedd2f6ca0c

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:50:12 GMT
Via: 1.1 1764af62d635a1a6ee51aabc37405452.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:35:37 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:1f1431792dbe22ceb94158b53cf1e5a3
Age: 6734
ETag: "1f1431792dbe22ceb94158b53cf1e5a3"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 6583
X-Amz-Cf-Id: -hvNz2QqIJCR0ODLmhUBUQDfVrvZU3hIPeBz617tw4BfsGgzM0FYoA==

POST
H2 202 event Show response
plausible.io/api/ 0
212 B 42ms
29ms XHR
text/plain 2a03:b0c0:3:e0::32e:b001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://plausible.io/api/event
Requested by: Host: plausible.io
URL: https://plausible.io/js/plausible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:b0c0:3:e0::32e:b001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Netlify /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

x-nf-request-id: d4549649-de62-4fa8-91aa-ae65b1ab99fa-2561041
date: Wed, 02 Sep 2020 05:42:24 GMT
server: Netlify
age: 1
status: 202
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 0
x-request-id: FjDhFE1BO6QUxY4E6tsS

GET
H/1.1 200
OK facebook-social-icon.svg
www.area1security.com/wp-content/themes/area1/assets/img/ 2 KB
2 KB 59ms
57ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/themes/area1/assets/img/facebook-social-icon.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: edb80de1f7a8a324a3fe4c0db17f7fbeba3af9753c35ed819544a78837e4e804

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 04:11:23 GMT
Via: 1.1 997f66fda0069dac50a85c7a4fa51b7e.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:35:38 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:4a0af5b4cdd887f163d3262abbe07ed9
Age: 5463
ETag: "4a0af5b4cdd887f163d3262abbe07ed9"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 1580
X-Amz-Cf-Id: hlmOYzxUsOPNUjebIGiZZXP88GDYAyqDDeZ1GUh3YOZiRG_WWH81LA==

GET
H/1.1 200
OK twitter-social-icon.svg
www.area1security.com/wp-content/themes/area1/assets/img/ 2 KB
3 KB 59ms
58ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/themes/area1/assets/img/twitter-social-icon.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06f0f999f55406270467fd935c746d8f0e2865acb2df6567a673cabfd244cfb5

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 04:11:23 GMT
Via: 1.1 0cbb1ca51bf146be48b40804581e4466.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:35:40 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:59be2298614d078f2453072911a87705
Age: 5463
ETag: "59be2298614d078f2453072911a87705"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 2506
X-Amz-Cf-Id: LKStyQMbVt-LvQ_s0zIPO0fupD-qnkY7SsY1LrAQm7uA0ApC0UtO8Q==

GET
H/1.1 200
OK linkedin-social-icon.svg
www.area1security.com/wp-content/themes/area1/assets/img/ 2 KB
2 KB 116ms
57ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/themes/area1/assets/img/linkedin-social-icon.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7ac5ac9022f66779b2df77751582d8543ecc442511969239797442a372ef989

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 04:11:23 GMT
Via: 1.1 0cbb1ca51bf146be48b40804581e4466.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:35:39 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:b058e74c5c83d68f803acd6dae6e2cf1
Age: 5463
ETag: "b058e74c5c83d68f803acd6dae6e2cf1"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 1947
X-Amz-Cf-Id: IZI_QgziCAwaiNnmx_Nu5MqaqljwXQ7TCih2VVe01FLEwNTjZuFDyg==

GET
H/1.1 200
OK email-social-icon.svg
www.area1security.com/wp-content/themes/area1/assets/img/ 1 KB
2 KB 162ms
103ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/themes/area1/assets/img/email-social-icon.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2107e5c8ed1195bd4435c730cfbe30733f0c39387ea34c48948fd16eb4fa2d2d

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 04:11:23 GMT
Via: 1.1 997f66fda0069dac50a85c7a4fa51b7e.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:35:38 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:f349e70a1ea1d4c41ea656e5abf02bd4
Age: 5463
ETag: "f349e70a1ea1d4c41ea656e5abf02bd4"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 1177
X-Amz-Cf-Id: -QPksza5-WDPySY95POywisDr5TS6kS6nwEcxA3ie5WRTwNceLcwgw==

GET
H/1.1 200
OK footer-logo.svg
www.area1security.com/wp-content/uploads/2019/11/ 8 KB
8 KB 58ms
58ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2019/11/footer-logo.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cc5d370924e2c28e8f2d6d607c5975c42fafe866baf92c798e6f4c087f439147

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:50:14 GMT
Via: 1.1 1764af62d635a1a6ee51aabc37405452.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:38:42 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:4d4f173108fe99f2465eb44e7df79c9a
Age: 6732
ETag: "4d4f173108fe99f2465eb44e7df79c9a"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 7925
X-Amz-Cf-Id: hrRWntQMYUNpBmOgY3Ouvp_Hz9EFAOHKtKaRSxsGR8mDMUda08MuNA==

GET
H/1.1 200
OK PartnerFooter-Updated2.svg
www.area1security.com/wp-content/uploads/2020/03/ 69 KB
70 KB 60ms
60ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2020/03/PartnerFooter-Updated2.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 75d9700e1dc0a0c72a7815a64a7c0a737e92b492d65e7f16533f5fed1a09e1b5

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:50:14 GMT
Via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:39:05 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:9dcfa9f35c289eaaf52c1f87e41fc025
Age: 6732
ETag: "9dcfa9f35c289eaaf52c1f87e41fc025"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 71121
X-Amz-Cf-Id: Jz0z1bBUVF0mvNxh-IuKjV9jJVqGcYz5T-85qSPYSlpb8DPrIOSpWw==

GET
H/1.1 200
OK scripts.min.js Show response
www.area1security.com/wp-content/themes/area1/assets/build/ 879 KB
880 KB 57ms
57ms Script
application/javascript 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.area1security.com/wp-content/themes/area1/assets/build/scripts.min.js
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7a0662fca0c1e5fbcdd309ea5fce5f27e4b46768bbdd092ffd5b4a249f04fce3

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:50:09 GMT
Via: 1.1 1764af62d635a1a6ee51aabc37405452.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:35:36 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:73f0b09e0c375a56192d161d42d74f72
Age: 6737
ETag: "73f0b09e0c375a56192d161d42d74f72"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 900382
X-Amz-Cf-Id: 1NQdhiHg8l9G-BlTsd8YDwt_DB7ev-EdwyRXzkzs6IJjNISmnPwnug==

GET
H/1.1 200
OK footer-889259cb3909824fb78223ef0b8d79172b3d5bdc.min.js Show response
www.area1security.com/wp-content/uploads/cache/fvm/1597857460/out/ 17 KB
18 KB 59ms
59ms Script
application/javascript 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.area1security.com/wp-content/uploads/cache/fvm/1597857460/out/footer-889259cb3909824fb78223ef0b8d79172b3d5bdc.min.js
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7fd7490a054141fd60cc6fb2eb03caefa8b931731d81fedaa8c2dbde1e5b56d5

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:50:10 GMT
Via: 1.1 0cbb1ca51bf146be48b40804581e4466.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:41:14 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:70b57a557d3cedc3dd98ee7304113c93
Age: 6736
ETag: "70b57a557d3cedc3dd98ee7304113c93"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 17546
X-Amz-Cf-Id: -mIoMeOo-K9U92x1s3MwJ_gUGYl9HIXkyH997VlEmDKJET84kNgLXQ==

GET
H2 200 ryb4zmr.css
use.typekit.net/ 3 KB
920 B 38ms
9ms Stylesheet
text/css 2a01:4a0:1338:28::c38a:ff0a
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/ryb4zmr.css

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/wp-content/themes/area1/assets/build/master.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:4a0:1338:28::c38a:ff0a , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),

Reverse DNS

Software

nginx /

Resource Hash

60e5af32bd2b6ff69bd3234cd747980889777348734198e77e21922fa2e490dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://www.area1security.com/wp-content/themes/area1/assets/build/master.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
status: 200
date: Wed, 02 Sep 2020 05:42:25 GMT
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
content-length: 721

GET
H2 200 css
fonts.googleapis.com/ 2 KB
574 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,400,600,700&display=swap

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/wp-content/themes/area1/assets/build/master.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a8df908269a3343a24faefda741524c1c20d9cb408cd02959c5aee0a9d592baf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.area1security.com/wp-content/themes/area1/assets/build/master.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 02 Sep 2020 05:42:25 GMT
server: ESF
date: Wed, 02 Sep 2020 05:42:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 02 Sep 2020 05:42:25 GMT

GET
H2 200 p.css
p.typekit.net/ 5 B
149 B 29ms
9ms Stylesheet
text/css 2a02:26f0:10c:396::19fd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=ryb4zmr&ht=tk&f=14580.14581.14582.14583&a=30126071&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ryb4zmr.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:396::19fd , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://use.typekit.net/ryb4zmr.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:25 GMT
last-modified: Wed, 24 Jun 2020 21:03:30 GMT
server: nginx
etag: "5ef3bfa2-5"
status: 200
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5

GET
H2 200 S6u9w4BMUTPHh7USSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v16/ 14 KB
14 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6u9w4BMUTPHh7USSwiPGQ3q5d0.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,600,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

706494a230ae9c22ebbda2b9fce9af786bac0ea5f315c80e3fbe9f44e7883c38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.area1security.com
Referer: https://fonts.googleapis.com/css?family=Lato:300,400,600,700&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 09:06:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:45:39 GMT
server: sffe
age: 160572
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13912
x-xss-protection: 0
expires: Tue, 31 Aug 2021 09:06:13 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 171 KB
57 KB 44ms
25ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TZNPQBB

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

21a1b2bcc386146e5df5022e18df2a36e1996a06c4aca44c723b99359183f9ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:25 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58048
x-xss-protection: 0
last-modified: Wed, 02 Sep 2020 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 02 Sep 2020 05:42:25 GMT

GET
H2 200 3269.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 549ms
524ms Script
text/javascript 2606:4700::6812:1abe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/3269.js?p=https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/&e=

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1abe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:26 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
status: 200
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: c554e910-6260-4a48-a12a-62ace8b3cc06
x-runtime: 0.006389
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 04eeef8c390000d6ed1d298200000001
cf-ray: 5cc4e859f9b1d6ed-FRA

GET
H/1.1 200
OK nav-search.svg
www.area1security.com/wp-content/themes/area1/assets/img/ 571 B
1 KB 66ms
57ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/themes/area1/assets/img/nav-search.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/wp-content/themes/area1/assets/build/master.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 377bf285812a1c784b42626aa90f76db9b9100f16513490e87a7c7e8c5c9ce78

Request headers

Referer: https://www.area1security.com/wp-content/themes/area1/assets/build/master.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:52:43 GMT
Via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:35:39 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:d0bf8fcb2f7215b72d73001b74c40982
Age: 6583
ETag: "d0bf8fcb2f7215b72d73001b74c40982"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 571
X-Amz-Cf-Id: -GCwsLHsESZtHwkmX8HC0oojzT-6StGiXqAcm6SXKKFxfuTjGrgX0A==

GET
H/1.1 200
OK SocialBanner_JulyBonus_Blog_Banner_2500x1000_1.jpg
www.area1security.com/wp-content/uploads/2020/08/ 343 KB
343 KB 60ms
60ms Image
image/jpeg 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2020/08/SocialBanner_JulyBonus_Blog_Banner_2500x1000_1.jpg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 18a85ee02bdd1993209975419c90501e69610ac4dc2dcda902cd85401ef274bb

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 04:11:24 GMT
Via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:39:47 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:3c8c406528d79998b73736e656a0469e
Age: 5462
ETag: "3c8c406528d79998b73736e656a0469e"
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 351020
X-Amz-Cf-Id: 7gPNAAWYeS1sNwcmQHivB3sh62xJOasVjVBfom7N7ftmtr2K6Hew0g==

GET
H/1.1 200
OK SocialBanner_Blog_DMARC_2500x1000-1.svg
www.area1security.com/wp-content/uploads/2020/08/ 33 KB
34 KB 58ms
57ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2020/08/SocialBanner_Blog_DMARC_2500x1000-1.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 07653cccedc15a47983e91fa4233a43e4fa31c6124496816e5cdd5252eb0a0b0

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 04:11:24 GMT
Via: 1.1 0cbb1ca51bf146be48b40804581e4466.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:39:45 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:3d5ebcc1c0553f8ad92f678e93efcfd0
Age: 5462
ETag: "3d5ebcc1c0553f8ad92f678e93efcfd0"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 34209
X-Amz-Cf-Id: XpBpA36RWyQJsgRYSr3JHd82xUGHIg8MWp2UdYUeaK7PqdVbnaFqDQ==

GET
H/1.1 200
OK BlogBannerTaxAttacks.svg
www.area1security.com/wp-content/uploads/2020/06/ 11 KB
12 KB 57ms
57ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2020/06/BlogBannerTaxAttacks.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6bebb76395e84aff6c7907820a1c73267d011a0af4310e22e50227de270a09e1

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 05:24:17 GMT
Via: 1.1 1764af62d635a1a6ee51aabc37405452.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:39:21 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:601fedf41d0561dca0f330da2c90f3e4
Age: 1089
ETag: "601fedf41d0561dca0f330da2c90f3e4"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 11364
X-Amz-Cf-Id: YH1nHTUy_5NbcUaI3qh_1Rco7Bpv-yDSYNlHyGHDkF8rIjzo6bFmxQ==

GET
H3-Q050 200 S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v16/ 14 KB
14 KB 27ms
13ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,600,700&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.area1security.com
Referer: https://fonts.googleapis.com/css?family=Lato:300,400,600,700&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 11:04:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:45:54 GMT
server: sffe
age: 153497
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14176
x-xss-protection: 0
expires: Tue, 31 Aug 2021 11:04:08 GMT

GET
H/1.1 200
OK SocialBanner_Blog_FaceMask_2500x1000_1-1.svg
www.area1security.com/wp-content/uploads/2020/08/ 93 KB
93 KB 77ms
66ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2020/08/SocialBanner_Blog_FaceMask_2500x1000_1-1.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a3db5523fb8a7d48b136cc5aaefc6783a8522eda0ebefdcf53b6dc6a72a19d27

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 05:41:11 GMT
Via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:39:46 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:4d3d61a11c5f3fa5eebe09cb26bfc283
Age: 75
ETag: "4d3d61a11c5f3fa5eebe09cb26bfc283"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 95207
X-Amz-Cf-Id: k-R8IwjPluuMM4N3bSMbEyso3RNo96KptaBMc4mW69pTvJ05M1NKJw==

GET
H/1.1 200
OK covid-facemask-phishing-transchemupdated.png
www.area1security.com/wp-content/uploads/2020/08/ 264 KB
265 KB 62ms
61ms Image
image/png 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2020/08/covid-facemask-phishing-transchemupdated.png
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31506f0b69c3c4754c32310b4fd4038c6f647b920c3d2061ee687e16d59ed775

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 04:11:24 GMT
Via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:39:50 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:03fbd448b85dcd6f06cdadd668a7e00d
Age: 5462
ETag: "03fbd448b85dcd6f06cdadd668a7e00d"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 270508
X-Amz-Cf-Id: 5YB9Qde8dvF7m_khYTCnPx8kjta57VuKNcmiOZ724e0MSsGT1qFLkg==

GET
H/1.1 200
OK covid-facemask-phishing-agenttesla.png
www.area1security.com/wp-content/uploads/2020/08/ 74 KB
74 KB 57ms
57ms Image
image/png 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2020/08/covid-facemask-phishing-agenttesla.png
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7589785d376dc4ec341caadfe999ba39e65617f09d5e11189a9f581d27276c0

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 04:11:24 GMT
Via: 1.1 997f66fda0069dac50a85c7a4fa51b7e.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:39:49 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:00d625bc2c4f401c421b2d9eda194408
Age: 5462
ETag: "00d625bc2c4f401c421b2d9eda194408"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 75399
X-Amz-Cf-Id: iSwByxJrgzmdG49S5P2ypFWP5QIUFym6J1-mAye32Mc-ScIjbqKGlw==

GET
H3-Q050 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v16/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,600,700&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.area1security.com
Referer: https://fonts.googleapis.com/css?family=Lato:300,400,600,700&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 11:04:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:45:55 GMT
server: sffe
age: 153503
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14044
x-xss-protection: 0
expires: Tue, 31 Aug 2021 11:04:02 GMT

GET
H/1.1 200
OK theme-icons.woff2
www.area1security.com/wp-content/themes/area1/assets/fonts/ 4 KB
5 KB 78ms
59ms Font
binary/octet-stream 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.area1security.com/wp-content/themes/area1/assets/fonts/theme-icons.woff2
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/wp-content/themes/area1/assets/build/master.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1b8811650afae7a53ca6e2bf2ac088b8cdec200b6eb62284cc145f8695fb6a09

Request headers

Origin: https://www.area1security.com
Referer: https://www.area1security.com/wp-content/themes/area1/assets/build/master.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:52:43 GMT
Via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
Age: 6583
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 4520
Last-Modified: Wed, 02 Sep 2020 03:35:37 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:0704dc2d6c20c08d738dcd0b093f23c7
ETag: "0704dc2d6c20c08d738dcd0b093f23c7"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: binary/octet-stream
Access-Control-Allow-Origin: *
X-Amz-Cf-Pop: FRA53-C1
X-Amz-Cf-Id: zHy10tm8JbMsfZLrng9CQFR6fQW5XCUKD9MQK6e2Q_KblQSF8M48yA==

GET
H/1.1 200
OK covid-facemask-phishing-screenshot1.png
www.area1security.com/wp-content/uploads/2020/08/ 105 KB
106 KB 58ms
57ms Image
image/png 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2020/08/covid-facemask-phishing-screenshot1.png
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bb6151efa632a257a89f49a2fb6d13e5fda096fbd57b6ede7c0a84f3372638e3

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 04:11:24 GMT
Via: 1.1 1764af62d635a1a6ee51aabc37405452.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:39:49 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:1988932d0222ccc7195169a6367456ac
Age: 5462
ETag: "1988932d0222ccc7195169a6367456ac"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 107722
X-Amz-Cf-Id: fGVcDct5msXL1oVwafc6OX4GpeBiX73D6NXIb3QCBXK53bXsuMa7GQ==

GET
H/1.1

204
No Content

pj Show response
e.acuityplatform.com/
Redirect Chain

https://e.acuityplatform.com/pj?pk=2500522576298312265&pu=https%3A%2F%2Fwww.area1security.com%2Fblog%2Ffacemask-phishing-agent-tesla-malware%2F
https://e.acuityplatform.com/pj?auidchint=true&pk=2500522576298312265&pu=https%3A%2F%2Fwww.area1security.com%2Fblog%2Ffacemask-phishing-agent-tesla-malware%2F

0
27 B

137ms
136ms

Script
text/plain

38.65.9.115
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://e.acuityplatform.com/pj?auidchint=true&pk=2500522576298312265&pu=https%3A%2F%2Fwww.area1security.com%2Fblog%2Ffacemask-phishing-agent-tesla-malware%2F
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 38.65.9.115 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

Location: /pj?auidchint=true&pk=2500522576298312265&pu=https%3A%2F%2Fwww.area1security.com%2Fblog%2Ffacemask-phishing-agent-tesla-malware%2F
Content-Length: 0

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
305 B 33ms
33ms Image
image/gif 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=d95254776edf4d35be392baedcfb7277&_biz_s=7db4a8&_biz_l=https%3A%2F%2Fwww.area1security.com%2Fblog%2Ffacemask-phishing-agent-tesla-malware%2F&_biz_t=1599025345158&_biz_i=Covid-19%20Phishing%20Campaign%20Bypasses%20Gateways%2C%20DMARC%20%7C%20Area%201%20Security&_biz_n=0&rnd=47022&cdn_o=a&_biz_z=1599025345707
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (ska/F706) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Sep 2020 05:42:25 GMT
last-modified: Sat, 29 Aug 2020 18:40:21 GMT
server: ECS (ska/F706)
age: 298924
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET widgets.js
platform.twitter.com/ 0
0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TZNPQBB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1fbd06d98ff87713eb030669571c929ab75539f05252f04ae1df807c28b20e95

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 19 Aug 2020 20:46:40 GMT
server: Golfe2
age: 1605
date: Wed, 02 Sep 2020 05:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18323
expires: Wed, 02 Sep 2020 07:15:40 GMT

GET
H2 200 / Show response
ipinfo.io/ 268 B
476 B 274ms
196ms Script
text/javascript 216.239.32.21
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ipinfo.io/?token=136616de95c87f&callback=callback

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TZNPQBB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.32.21 Los Gatos, United States, ASN15169 (GOOGLE, US),

Reverse DNS

any-in-2015.1e100.net

Software

/ Express

Resource Hash

153ce153df8ed0c2283b17aef544bdaf1802a94d7c5cc7e70a09e2426539292c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:25 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
status: 200
x-frame-options: DENY
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
via: 1.1 google

GET
H2 200 loader.js Show response
www.gstatic.com/wcm/ 539 B
665 B 6ms
5ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/wcm/loader.js

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e05da544a93b639782cb0974f5dacbfc36b60d40622f680e3383ec581243ca4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:35:50 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jun 2020 00:15:00 GMT
server: sffe
age: 395
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 539
x-xss-protection: 0
expires: Wed, 02 Sep 2020 06:35:50 GMT

GET
H2 200 BizibleAcct.js Show response
cdn.bizible.com/ 378 B
542 B 153ms
153ms Script
text/javascript 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/BizibleAcct.js?_biz_u=d95254776edf4d35be392baedcfb7277&_biz_h=-1906410348&cdn_o=a&jsVer=4.20.06.05
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (ska/F6FE) /
Resource Hash: 0e325de6a22f0ea395c0243d2ccb975a96c5cf6eb5636054a8d62e5d06496b7b

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:24 GMT
content-encoding: gzip
server: ECS (ska/F6FE)
etag: EA5AA2A0
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: private, must-revalidate, max-age=21600
content-type: text/javascript; charset=utf-8
content-length: 325

GET
H3-Q050 200 call-tracking_2.js Show response
www.gstatic.com/call-tracking/ 51 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/call-tracking/call-tracking_2.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/loader.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee0af9cb821e3b90c73da380ca1ea46a9568f50635facf5e263d0044c9124c9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 27 Aug 2020 11:01:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 23 Apr 2020 17:15:00 GMT
server: sffe
age: 499234
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19708
x-xss-protection: 0
expires: Fri, 27 Aug 2021 11:01:51 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
400 B 40ms
13ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j85&a=1723898484&t=pageview&_s=1&dl=https%3A%2F%2Fwww.area1security.com%2Fblog%2Ffacemask-phishing-agent-tesla-malware%2F&ul=en-us&de=UTF-8&dt=Covid-19%20Phishing%20Campaign%20Bypasses%20Gateways%2C%20DMARC%20%7C%20Area%201%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=918706130&gjid=1123026469&cid=1833502669.1599025346&tid=UA-50588008-1&_gid=822585769.1599025346&_r=1&gtm=2wg8j2TZNPQBB&z=2098822259

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 02 Sep 2020 05:42:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.area1security.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
91 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j85&tid=UA-50588008-1&cid=1833502669.1599025346&jid=918706130&gjid=1123026469&_gid=822585769.1599025346&_u=YEBAAEAAAAAAAC~&z=1045696148

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 02 Sep 2020 05:42:25 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.area1security.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

wcm Show response
www.google.ee/pagead/attribution/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/923313590/wcm?cc=ZZ&dn=6504919371&cl=00ozCIOi-IQBELbLorgD&ct_eid=2
https://www.google.ee/pagead/attribution/wcm?cc=ZZ&dn=6504919371&cl=00ozCIOi-IQBELbLorgD

80 B
577 B

34ms
15ms

XHR
application/json

2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.ee/pagead/attribution/wcm?cc=ZZ&dn=6504919371&cl=00ozCIOi-IQBELbLorgD

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-type: application/json; charset=UTF-8
access-control-allow-origin: null
cache-control: private
access-control-allow-credentials: true
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87
x-xss-protection: 0

Redirect headers

timing-allow-origin: *
date: Wed, 02 Sep 2020 05:42:26 GMT
x-content-type-options: nosniff
server: cafe
status: 302
location: https://www.google.ee/pagead/attribution/wcm?cc=ZZ&dn=6504919371&cl=00ozCIOi-IQBELbLorgD
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: https://www.area1security.com
access-control-allow-credentials: true
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
106 B 18ms
17ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j85&tid=UA-50588008-1&cid=1833502669.1599025346&jid=918706130&_u=YEBAAEAAAAAAAC~&z=85584627

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Sep 2020 05:42:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
106 B 18ms
18ms Image
image/gif 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j85&tid=UA-50588008-1&cid=1833502669.1599025346&jid=918706130&_u=YEBAAEAAAAAAAC~&z=85584627

Requested by

Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Sep 2020 05:42:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK PartnerPortal_with_Links3.svg
www.area1security.com/wp-content/uploads/2020/07/ 18 KB
19 KB 58ms
57ms Image
image/svg+xml 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2020/07/PartnerPortal_with_Links3.svg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 74ea3c41c31d42cb8b923c06bea1b37bf316685bbf53d020153600c247c650be

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:52:44 GMT
Via: 1.1 997f66fda0069dac50a85c7a4fa51b7e.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:39:33 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:ee6d3ce4591b37fcd593f5441346363f
Age: 6582
ETag: "ee6d3ce4591b37fcd593f5441346363f"
X-Cache: Hit from cloudfront
Content-Type: image/svg+xml
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 18797
X-Amz-Cf-Id: s-va9wiBuNLvqslWx1YoD8Aq54jOarioAY2WqUx7Pz3H_kT3o1c-jg==

GET
H/1.1 200
OK When_It_Rains_Phish3.jpg
www.area1security.com/wp-content/uploads/2020/03/ 28 KB
29 KB 58ms
58ms Image
image/jpeg 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2020/03/When_It_Rains_Phish3.jpg
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08458aa14505c0de77215e65fa6ec38552fcb4fd42892f92a92a3f9499365f0f

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:52:44 GMT
Via: 1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:39:08 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:a717399653171ec84dd6ed5794bb918b
Age: 6582
ETag: "a717399653171ec84dd6ed5794bb918b"
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 29041
X-Amz-Cf-Id: Jj4AxNlI1XuEnBnb2JpfhySNl63tNCfplLWlprtgmpZa-D4v8fie1g==

GET
H/1.1 200
OK graphic-demo.png
www.area1security.com/wp-content/uploads/2020/03/ 47 KB
48 KB 59ms
58ms Image
image/png 143.204.201.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.area1security.com/wp-content/uploads/2020/03/graphic-demo.png
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.201.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-201-112.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: da3685133673d21222822fba0779e112c499ed416946eaf4aa873600b06a4375

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 02 Sep 2020 03:50:12 GMT
Via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
Last-Modified: Wed, 02 Sep 2020 03:39:08 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:c7e044d6090796161785c3e3e56de5b2
Age: 6734
ETag: "c7e044d6090796161785c3e3e56de5b2"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Content-Length: 48217
X-Amz-Cf-Id: R-P5qjCqHQ0aZfGy8mTAvAproNpYFdXSaQrzP0M6FI17ZUi_KSc7lw==

GET
H2 200 cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 4 KB
1 KB 16ms
15ms Stylesheet
text/css 2606:4700::6811:4e6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TZNPQBB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4e6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:26 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 548381
x-via: cfworker/kv
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 948
cf-request-id: 04eeef8dd30000bee779a19200000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
etag: "5eb03e2d-f62"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5cc4e85c8e53bee7-FRA
expires: Mon, 23 Aug 2021 05:42:26 GMT

GET
H2 200 cookieconsent.min.js Show response
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 19 KB
6 KB 15ms
14ms Script
application/javascript 2606:4700::6811:4e6b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TZNPQBB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4e6b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 02 Sep 2020 05:42:26 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 724810
x-via: cfworker/kv
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5676
cf-request-id: 04eeef8dd40000bee779a1a200000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
etag: "5eb03e2d-4d5a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5cc4e85c8e54bee7-FRA
expires: Mon, 23 Aug 2021 05:42:26 GMT

GET
H2 200 index.html
js.driftt.com/deploy/assets/ Frame D2B9 0
0 64ms
63ms Document
text/html 143.204.201.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/index.html

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1599025500000/bfys9szbrt7k.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.201.78 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-201-78.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /deploy/assets/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/

Response headers

status: 200
content-type: text/html; charset=utf-8
content-length: 894
server: nginx
last-modified: Thu, 27 Aug 2020 14:41:50 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 02 Sep 2020 05:42:26 GMT
etag: "79dca91bb58307b4af95c3ac6f14d3fe"
cache-control: max-age=10
x-cache: Hit from cloudfront
via: 1.1 269bfdd288bfea5423a4e9e701777da6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: HZhxXvCclUT2X0CSfApxmEKbhGiCo_FCr8_R0-_fsCVtKcgCjgXdSQ==

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 38 KB
12 KB 187ms
70ms Script
text/javascript 104.111.214.206
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.area1security.com
URL: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.214.206 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-214-206.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e3707edca98715fc3fe7ea36b15c506641b4c380e7e6c4d8ebb9e288f1438ff8

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: CeVUvvucPy3Id6wu3pm.U9kY8oddI4fW
Content-Encoding: gzip
ETag: "d78a05d3ec6a770650daa2185ccbc352"
x-amz-request-id: AR5H0H0WBN7M3Z5M
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 11962
x-amz-id-2: M93StxvvSqMxMsj+xy9yc6/AzzLsqM+G9sD8qeZqrxLh0uwhVbmeri750Q0Y8g/i85pm3VGzATE=
Last-Modified: Wed, 19 Aug 2020 17:39:39 GMT
Server: AmazonS3
Date: Wed, 02 Sep 2020 05:42:26 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/5EGGX7PHUFEY7N5HSUGQQ4/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

57ms
56ms

Script
application/javascript

104.111.214.206
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.214.206 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-214-206.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 2U8XMvdFINXJNFsilaXONuSvqmREKV3.
Content-Encoding: gzip
ETag: "5816cced8568d223aa09d889f300692b"
x-amz-request-id: 0A9DFB41B15EF3A2
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 48
x-amz-id-2: 9wtYzl8isf76a+KTcCc0hWCh/ZKrxXSL0KsmsoDDvS1VGgWl/GxdSe7DtPnOmbh4BH+84jF1nEY=
Last-Modified: Fri, 31 Jul 2020 16:11:15 GMT
Server: AmazonS3
Date: Wed, 02 Sep 2020 05:42:27 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Wed, 02 Sep 2020 05:42:27 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/5EGGX7PHUFEY7N5HSUGQQ4/2FGPV6HRYVGHROWBAYIDDD/ 0
773 B 175ms
61ms Script
text/javascript 104.111.214.206
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/5EGGX7PHUFEY7N5HSUGQQ4/2FGPV6HRYVGHROWBAYIDDD/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.214.206 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-214-206.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: fIN.lM5vsazwZGPb1fd.2IxqA1GXmOsD
Content-Encoding: gzip
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id: 08F0F8AC40D789D7
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
x-amz-id-2: ODNN/yOQiaYsOe+oKKL16HIrOuMYzaOSER3PM9eZ3codjBiLmpuXdme/Y23UWInPkwhvCGvR/m8=
Last-Modified: Tue, 01 Sep 2020 23:29:51 GMT
Server: AmazonS3
Date: Wed, 02 Sep 2020 05:42:27 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/5EGGX7PHUFEY7N5HSUGQQ4/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/5EGGX7PHUFEY7N5HSUGQQ4?_s=50962a21f0111ff2cc18fe7d77b01ec8&_b=2
https://d.adroll.com/consent/check/5EGGX7PHUFEY7N5HSUGQQ4/?_s=50962a21f0111ff2cc18fe7d77b01ec8&_b=2

395 B
487 B

231ms
75ms

Script
application/javascript

63.32.63.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/5EGGX7PHUFEY7N5HSUGQQ4/?_s=50962a21f0111ff2cc18fe7d77b01ec8&_b=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.63.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-63-32.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 5a6e6422184eaeea5c541109c19cfdb15441075fa40f4cc27e1208f14dd856ca

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Wed, 02 Sep 2020 05:42:27 GMT
server: nginx/1.16.1
content-length: 395
content-type: application/javascript

Redirect headers

status: 302
date: Wed, 02 Sep 2020 05:42:27 GMT
server: nginx/1.16.1
content-length: 105
location: https://d.adroll.com/consent/check/5EGGX7PHUFEY7N5HSUGQQ4/?_s=50962a21f0111ff2cc18fe7d77b01ec8&_b=2

GET
H2 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/42/2/ 78 KB
29 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/42/2/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyC3BnZKCuaAaz825HOTZkCjU9fD7mq_afU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b30e4cd801709025bacae989e805015d0760f5b49b18d44fc291a30eed0301bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 01 Sep 2020 19:30:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 21:17:48 GMT
server: sffe
age: 36726
vary: Accept-Encoding, Origin
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29190
x-xss-protection: 0
expires: Wed, 01 Sep 2021 19:30:24 GMT

GET
H2 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/42/2/ 145 KB
53 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/42/2/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyC3BnZKCuaAaz825HOTZkCjU9fD7mq_afU

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca3c7cf45658dcfd7ebacbd84884424ff7952193b9f774c7a51e6975ee7a8b53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 01 Sep 2020 15:53:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 26 Aug 2020 21:17:48 GMT
server: sffe
age: 49711
vary: Accept-Encoding, Origin
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54618
x-xss-protection: 0
expires: Wed, 01 Sep 2021 15:53:59 GMT

GET
H3-Q050 200 AuthenticationService.Authenticate Show response
maps.googleapis.com/maps/api/js/ 62 B
447 B 71ms
57ms Script
text/javascript 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fwww.area1security.com%2Fblog%2Ffacemask-phishing-agent-tesla-malware%2F&4sAIzaSyC3BnZKCuaAaz825HOTZkCjU9fD7mq_afU&callback=_xdc_._xpa9ez&key=AIzaSyC3BnZKCuaAaz825HOTZkCjU9fD7mq_afU&token=19699

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/42/2/common.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

c86c64f3b7644e0dea65f2bec5fe0d3542f6d0678973e25a7b5dd7c44720d256

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Sep 2020 05:42:30 GMT
content-encoding: gzip
server: mafe
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment
server-timing: gfet4t7; dur=36
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 63
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: platform.twitter.com
URL: http://platform.twitter.com/widgets.js

Verdicts & Comments Add Verdict or Comment

159 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.area1security.com/	1970-01-19 20:56:01	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22XDomain%22%3A%221%22%7D
www.area1security.com/	1970-01-20 05:41:37	Name: driftt_aid Value: 61dbda4f-7d71-4ebb-8cda-a121077be8ee
.area1security.com/	1970-01-19 12:10:25	Name: _gat_UA-50588008-1 Value: 1
.area1security.com/	1970-01-19 20:56:01	Name: _biz_pendingA Value: %5B%5D
.area1security.com/	1970-01-19 20:56:01	Name: _biz_nA Value: 1
.area1security.com/	1970-01-19 14:20:01	Name: _gcl_au Value: 1.1.573099031.1599025346
.area1security.com/	1970-01-20 05:41:37	Name: _ga Value: GA1.2.1833502669.1599025346
.area1security.com/	1970-01-19 12:10:27	Name: _biz_sid Value: 7db4a8
.area1security.com/	1970-01-19 12:11:51	Name: _gid Value: GA1.2.822585769.1599025346
.area1security.com/	1970-01-19 20:56:01	Name: _biz_uid Value: d95254776edf4d35be392baedcfb7277

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
app-ab22.marketo.com
cdn.bizible.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
d.adroll.com
d.adroll.mgr.consensu.org
e.acuityplatform.com
extend.vimeocdn.com
fonts.googleapis.com
fonts.gstatic.com
ipinfo.io
js.driftt.com
maps.googleapis.com
origin.acuityplatform.com
p.typekit.net
platform.twitter.com
plausible.io
s.adroll.com
stats.g.doubleclick.net
tracking.g2crowd.com
unpkg.com
use.typekit.net
www.area1security.com
www.bugherd.com
www.google-analytics.com
www.google.com
www.google.de
www.google.ee
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
platform.twitter.com
104.111.214.206
104.111.250.173
104.16.93.80
108.128.108.140
143.204.201.112
143.204.201.78
151.101.14.109
172.217.16.162
216.239.32.21
2606:4700::6810:7daf
2606:4700::6811:4e6b
2606:4700::6812:1abe
2a00:1450:4001:800::2008
2a00:1450:4001:800::200e
2a00:1450:4001:801::200e
2a00:1450:4001:808::2003
2a00:1450:4001:808::200a
2a00:1450:4001:80b::2004
2a00:1450:4001:814::200a
2a00:1450:4001:819::2003
2a00:1450:4001:81e::2003
2a00:1450:4001:81f::2003
2a00:1450:4001:821::200a
2a00:1450:400c:c0c::9b
2a01:4a0:1338:28::c38a:ff0a
2a02:26f0:10c:396::19fd
2a03:b0c0:3:e0::32e:b001
2a04:4e42:1b::621
34.233.195.104
38.65.9.115
63.32.63.32
68.232.35.12
001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
06f0f999f55406270467fd935c746d8f0e2865acb2df6567a673cabfd244cfb5
07653cccedc15a47983e91fa4233a43e4fa31c6124496816e5cdd5252eb0a0b0
08458aa14505c0de77215e65fa6ec38552fcb4fd42892f92a92a3f9499365f0f
0e325de6a22f0ea395c0243d2ccb975a96c5cf6eb5636054a8d62e5d06496b7b
153ce153df8ed0c2283b17aef544bdaf1802a94d7c5cc7e70a09e2426539292c
160d3073c32a64cf6178c0cd578fbb4c3b7ec3c7de23050569ddc09ffc8bfc62
18a85ee02bdd1993209975419c90501e69610ac4dc2dcda902cd85401ef274bb
1b8811650afae7a53ca6e2bf2ac088b8cdec200b6eb62284cc145f8695fb6a09
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1e66fe239f6b4f42c0afc170d9b871052bc18e8b6845a90c6102feedd2f6ca0c
1fbd06d98ff87713eb030669571c929ab75539f05252f04ae1df807c28b20e95
2107e5c8ed1195bd4435c730cfbe30733f0c39387ea34c48948fd16eb4fa2d2d
21a1b2bcc386146e5df5022e18df2a36e1996a06c4aca44c723b99359183f9ec
2619bdf0e0a9d79b74fed1389ca2d3da61f0818813b76c31a626459f83d5d48c
31506f0b69c3c4754c32310b4fd4038c6f647b920c3d2061ee687e16d59ed775
377bf285812a1c784b42626aa90f76db9b9100f16513490e87a7c7e8c5c9ce78
39555ed037572180eddda8068769232bd89aae9a568de4d986f4157bf78f7a98
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3eb5e7f43e997718971765eb7c33b0b602a52476bbf0c343658f21c8470a79e1
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
4b7e34f6fe214525b816bd5841acc8674451cec6e4aa6c8128c2cba74727dd08
5045053467f4f14f1e1528436abe19003a7e7af0dd57229b466269310836a0ff
5a6e6422184eaeea5c541109c19cfdb15441075fa40f4cc27e1208f14dd856ca
5ef4c4ccacade0c817a7daff8143dabf292bce6af2e9a7c7fa09b8e5f98e6beb
60e5af32bd2b6ff69bd3234cd747980889777348734198e77e21922fa2e490dd
6bebb76395e84aff6c7907820a1c73267d011a0af4310e22e50227de270a09e1
6faed0e4b708dd466ed2caf20a877b4b99ce8f938d31caa3af6f70772ba641ac
706494a230ae9c22ebbda2b9fce9af786bac0ea5f315c80e3fbe9f44e7883c38
733a018cb334354fff1d8ae52623d5669bd4df4da01ceb0912a352361ba14247
74ea3c41c31d42cb8b923c06bea1b37bf316685bbf53d020153600c247c650be
75d9700e1dc0a0c72a7815a64a7c0a737e92b492d65e7f16533f5fed1a09e1b5
7a0662fca0c1e5fbcdd309ea5fce5f27e4b46768bbdd092ffd5b4a249f04fce3
7e05da544a93b639782cb0974f5dacbfc36b60d40622f680e3383ec581243ca4
7fd06fb2eb7b4eb5e58555d3530b61e34426ac7a641324a43b51c33a4064c7c1
7fd7490a054141fd60cc6fb2eb03caefa8b931731d81fedaa8c2dbde1e5b56d5
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
88f3613cc7a3e8c61b186ee57a7756866d403c26ff2daa58f4c7583a7523f0c2
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af
902eeb8fc01d3fd4ac0f3f806cd580b3cc16c36a6480b8dfdeae6dad63043715
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
9eb2d2c83a3bed04a30a59334e036b69b600fd8e7095301b10bf0d077780cf89
a3db5523fb8a7d48b136cc5aaefc6783a8522eda0ebefdcf53b6dc6a72a19d27
a6cf21760088135a787f8aaddbea178f325327e55076c54495e610678ab0dea4
a8df908269a3343a24faefda741524c1c20d9cb408cd02959c5aee0a9d592baf
a8e4e3eceb034a66e103798983000bbc02350060f12fd33faaa0145c25ae4b6f
aa371b695a477025f6fd48693baea5a6ed0ff4eb71c5a660d854e543b2370013
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b2b2ad1d953b1341442dca10555ebf44343c74fa9755492be52bf521f61dab11
b30e4cd801709025bacae989e805015d0760f5b49b18d44fc291a30eed0301bb
bb6151efa632a257a89f49a2fb6d13e5fda096fbd57b6ede7c0a84f3372638e3
c68b3a2bc163ca82bf5221378bc6f13725c5d78adfe7a2cea35b994f873604ec
c8682ca9402570a1e7e6f328863f83d65f5e0e1c6889b4eec5bccf91b76772f2
c86c64f3b7644e0dea65f2bec5fe0d3542f6d0678973e25a7b5dd7c44720d256
ca3c7cf45658dcfd7ebacbd84884424ff7952193b9f774c7a51e6975ee7a8b53
cc5d370924e2c28e8f2d6d607c5975c42fafe866baf92c798e6f4c087f439147
d1d88346db141ccc4f154bf8fd2720c480d49c360c71187ad3c905d08c9d91e9
d7c57bbba53cf17f400ffd55936b86d5233b8d5a4c1908c350f3686db0345a10
d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c
da3685133673d21222822fba0779e112c499ed416946eaf4aa873600b06a4375
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dee9786deab0a53e5109e81c2960f6ca3deb3394281982b3101709f82fb27889
e3707edca98715fc3fe7ea36b15c506641b4c380e7e6c4d8ebb9e288f1438ff8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
edb80de1f7a8a324a3fe4c0db17f7fbeba3af9753c35ed819544a78837e4e804
ee0af9cb821e3b90c73da380ca1ea46a9568f50635facf5e263d0044c9124c9e
ee4f681e59fd6914515c936cd2784d2ce244b8f6b243a500bfc6fed1c7665360
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f24c51a94a931f1bdd7c3dacc9ebb3848305f5eb5a3feddf0b01227f6c778c17
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f7589785d376dc4ec341caadfe999ba39e65617f09d5e11189a9f581d27276c0
f7ac5ac9022f66779b2df77751582d8543ecc442511969239797442a372ef989

www.area1security.com Open in urlscan Pro 143.204.201.112 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

80 Requests

99 %HTTPS

59 %IPv6

26 Domains

32 Subdomains

31 IPs

6 Countries

3924 kBTransfer

4879 kBSize

10 Cookies

10 Outgoing links

Redirected requests

80 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.area1security.com Open in urlscan Pro
143.204.201.112 Public Scan

Screenshot
Live screenshot

Full Image

80
Requests

99 %
HTTPS

59 %
IPv6

26
Domains

32
Subdomains

31
IPs

6
Countries

3924 kB
Transfer

4879 kB
Size

10
Cookies

80 HTTP transactions
0 data transactions