www.bleepingcomputer.com Open in urlscan Pro
104.20.59.209 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://info.bettercloud.com/jbHZ0C3aK00fH0AeY1S0n00
Effective URL:
https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWlda...
Submission: On December 11 via manual (December 11th 2019, 1:44:33 pm UTC) from US

Summary HTTP 231 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 49 IPs in 7 countries across 34 domains to perform 231 HTTP transactions. The main IP is 104.20.59.209, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.bleepingcomputer.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on May 12th 2018. Valid for: 2 years.

This is the only time www.bleepingcomputer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	199.15.213.48 199.15.213.48	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1	104.20.59.209 104.20.59.209	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
5	2a00:1450:400... 2a00:1450:4001:824::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
32	104.26.13.6 104.26.13.6	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
10	151.101.14.217 151.101.14.217	54113 (FASTLY) (FASTLY - Fastly)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
4 6	2a00:1450:400... 2a00:1450:4001:817::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2606:4700:20:... 2606:4700:20::681a:8b	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	178.79.175.86 178.79.175.86	63949 (LINODE-AP...) (LINODE-AP Linode)
8	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2600:9000:20e... 2600:9000:20eb:6400:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
7	2a00:1450:400... 2a00:1450:4001:814::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2.21.36.164 2.21.36.164	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2600:9000:215... 2600:9000:2156:5800:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	95.100.197.246 95.100.197.246	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
5	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	34.195.95.173 34.195.95.173	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2600:9000:215... 2600:9000:2156:fe00:1:af78:4c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	13.225.78.6 13.225.78.6	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	54.164.73.180 54.164.73.180	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 3	23.11.238.95 23.11.238.95	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
3	35.188.71.214 35.188.71.214	15169 (GOOGLE) (GOOGLE - Google LLC)
1	143.204.101.32 143.204.101.32	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	3.215.1.64 3.215.1.64	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	13.224.196.64 13.224.196.64	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
9	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE - Google LLC)
2	151.101.113.194 151.101.113.194	54113 (FASTLY) (FASTLY - Fastly)
2	13.224.196.65 13.224.196.65	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a03:2880:f01... 2a03:2880:f01c:20e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	151.101.113.140 151.101.113.140	54113 (FASTLY) (FASTLY - Fastly)
5	35.226.36.58 35.226.36.58	15169 (GOOGLE) (GOOGLE - Google LLC)
1	3.222.69.96 3.222.69.96	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
6	185.33.223.221 185.33.223.221	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
9	104.16.68.69 104.16.68.69	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	18.194.120.191 18.194.120.191	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
23	18.195.86.132 18.195.86.132	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	95.100.197.53 95.100.197.53	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
3	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
8	69.173.144.140 69.173.144.140	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
21	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
16	2a00:1450:400... 2a00:1450:4001:824::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	172.217.22.6 172.217.22.6	15169 (GOOGLE) (GOOGLE - Google LLC)
3	95.100.196.250 95.100.196.250	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
3 3	143.204.101.113 143.204.101.113	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3 6	52.57.98.188 52.57.98.188	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
6	151.101.113.108 151.101.113.108	54113 (FASTLY) (FASTLY - Fastly)
1	23.37.55.184 23.37.55.184	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
231	49

1 199.15.213.48 (United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)

info.bettercloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.59.209 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.bleepingcomputer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:824::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 104.26.13.6 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.bleepstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 151.101.14.217 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

cdn.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdns.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ck.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:817::2004 (Frankfurt am Main, Germany) 4 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:8b (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.79.175.86 (London, United Kingdom)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: nb-178-79-175-86.london.nodebalancer.linode.com

ecdn.analysis.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:6400:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:814::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.21.36.164 (France)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-21-36-164.deploy.static.akamaitechnologies.com

s9.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2156:5800:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

static.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.197.246 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-100-197-246.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.195.95.173 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-195-95-173.compute-1.amazonaws.com

core.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:fe00:1:af78:4c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

vendorlist.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.6 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-225-78-6.fra2.r.cloudfront.net

api.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.164.73.180 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-164-73-180.compute-1.amazonaws.com

rtb.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.11.238.95 (United States) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-11-238-95.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.188.71.214 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 214.71.188.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.32 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-32.fra50.r.cloudfront.net

freestar-io.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.215.1.64 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-215-1-64.compute-1.amazonaws.com

trk.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.196.64 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-224-196-64.fra2.r.cloudfront.net

audit.quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.217.16.130 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s46-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.194 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

confiant-integrations.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.196.65 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-224-196-65.fra2.r.cloudfront.net

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:20e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.140 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

www.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.226.36.58 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 58.36.226.35.bc.googleusercontent.com

c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.222.69.96 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-222-69-96.compute-1.amazonaws.com

cluster-na.cdnjquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.33.223.221 (Netherlands)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 316.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.16.68.69 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.194.120.191 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-194-120-191.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 18.195.86.132 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 95.100.197.53 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-100-197-53.deploy.static.akamaitechnologies.com

as-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 69.173.144.140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:824::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.22.6 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s14-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 95.100.196.250 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-100-196-250.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.101.113 (Seattle, United States) 3 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-113.fra50.r.cloudfront.net

ib.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.57.98.188 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-57-98-188.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.113.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.55.184 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-37-55-184.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	bleepstatic.com www.bleepstatic.com	230 KB
23	sharethrough.com btlr.sharethrough.com	4 KB
23	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	348 KB
17	connatix.com cdn.connatix.com cdns.connatix.com ck.connatix.com core.connatix.com rtb.connatix.com i.connatix.com trk.connatix.com	433 KB
16	ampproject.org cdn.ampproject.org	355 KB
16	doubleclick.net 1 redirects googleads.g.doubleclick.net securepubads.g.doubleclick.net ad.doubleclick.net	127 KB
12	3lift.com 6 redirects tlx.3lift.com ib.3lift.com eb2.3lift.com	4 KB
12	adnxs.com ib.adnxs.com acdn.adnxs.com	7 KB
10	pub.network a.pub.network d.pub.network c.pub.network	236 KB
9	rubiconproject.com fastlane.rubiconproject.com eus.rubiconproject.com	14 KB
9	districtm.io dmx.districtm.io cdn.districtm.io	1 KB
8	gstatic.com fonts.gstatic.com	87 KB
8	google.com 4 redirects www.google.com cse.google.com adservice.google.com	3 KB
6	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com	66 KB
6	consensu.org quantcast.mgr.consensu.org static.quantcast.mgr.consensu.org vendorlist.consensu.org api.quantcast.mgr.consensu.org audit.quantcast.mgr.consensu.org	136 KB
5	googleapis.com fonts.googleapis.com	3 KB
3	casalemedia.com as-sec.casalemedia.com	3 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	3 KB
3	googletagservices.com www.googletagservices.com	73 KB
3	addthis.com s9.addthis.com s7.addthis.com	189 KB
2	reddit.com www.reddit.com	3 KB
2	facebook.com graph.facebook.com	1017 B
2	ad-delivery.net ad-delivery.net	1 KB
2	fastly.net confiant-integrations.global.ssl.fastly.net	72 KB
2	google-analytics.com www.google-analytics.com	18 KB
1	cdnjquery.com cluster-na.cdnjquery.com	356 B
1	videoplayerhub.com freestar-io.videoplayerhub.com	19 KB
1	google.de adservice.google.de	778 B
1	addthisedge.com v1.addthisedge.com	924 B
1	moatads.com z.moatads.com	1 KB
1	analysis.fi ecdn.analysis.fi	1 KB
1	googletagmanager.com www.googletagmanager.com	27 KB
1	bleepingcomputer.com www.bleepingcomputer.com	15 KB
1	bettercloud.com info.bettercloud.com	932 B
231	34

	Domain	Requested by
32	www.bleepstatic.com	www.bleepingcomputer.com cdn.connatix.com
23	btlr.sharethrough.com	a.pub.network
21	tpc.googlesyndication.com	securepubads.g.doubleclick.net www.bleepingcomputer.com cdn.ampproject.org
16	cdn.ampproject.org	securepubads.g.doubleclick.net
9	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net info.bettercloud.com www.bleepingcomputer.com
8	fastlane.rubiconproject.com	a.pub.network
8	fonts.gstatic.com	cdn.connatix.com www.bleepingcomputer.com a.pub.network
7	i.connatix.com	www.bleepingcomputer.com
6	acdn.adnxs.com	a.pub.network
6	eb2.3lift.com	3 redirects a.pub.network
6	dmx.districtm.io	a.pub.network
6	ib.adnxs.com	a.pub.network
6	www.google.com	4 redirects www.bleepingcomputer.com
5	c.pub.network	a.pub.network
5	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.bleepingcomputer.com
5	fonts.googleapis.com	www.bleepingcomputer.com securepubads.g.doubleclick.net
3	cdn.districtm.io	a.pub.network
3	ib.3lift.com	3 redirects
3	ads.pubmatic.com	a.pub.network
3	hbopenbid.pubmatic.com	a.pub.network
3	as-sec.casalemedia.com	a.pub.network
3	tlx.3lift.com	a.pub.network
3	trk.connatix.com	www.bleepingcomputer.com
3	d.pub.network	a.pub.network
3	sb.scorecardresearch.com	1 redirects www.bleepingcomputer.com
3	rtb.connatix.com	cdns.connatix.com
3	www.googletagservices.com	pagead2.googlesyndication.com a.pub.network securepubads.g.doubleclick.net
2	ad.doubleclick.net	1 redirects www.bleepingcomputer.com
2	www.reddit.com	s9.addthis.com
2	graph.facebook.com	s9.addthis.com
2	ad-delivery.net	freestar-io.videoplayerhub.com
2	confiant-integrations.global.ssl.fastly.net	a.pub.network confiant-integrations.global.ssl.fastly.net
2	s7.addthis.com	s9.addthis.com
2	static.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
2	www.google-analytics.com	www.googletagmanager.com www.bleepingcomputer.com
2	pagead2.googlesyndication.com	www.bleepingcomputer.com pagead2.googlesyndication.com
2	a.pub.network	www.bleepingcomputer.com a.pub.network
1	eus.rubiconproject.com	a.pub.network
1	cluster-na.cdnjquery.com	freestar-io.videoplayerhub.com
1	audit.quantcast.mgr.consensu.org	static.quantcast.mgr.consensu.org
1	freestar-io.videoplayerhub.com	a.pub.network
1	api.quantcast.mgr.consensu.org	quantcast.mgr.consensu.org
1	vendorlist.consensu.org	quantcast.mgr.consensu.org
1	core.connatix.com	cdns.connatix.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	v1.addthisedge.com	s9.addthis.com
1	z.moatads.com	s9.addthis.com
1	ck.connatix.com	cdns.connatix.com
1	s9.addthis.com	www.bleepingcomputer.com
1	quantcast.mgr.consensu.org	www.bleepstatic.com
1	cdns.connatix.com	cdn.connatix.com
1	ecdn.analysis.fi	www.bleepingcomputer.com
1	cse.google.com	www.bleepingcomputer.com
1	www.googletagmanager.com	www.bleepingcomputer.com
1	cdn.connatix.com	www.bleepingcomputer.com
1	www.bleepingcomputer.com	info.bettercloud.com
1	info.bettercloud.com
231	58

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.youtube.com
deals.bleepingcomputer.com
connatix.com
info.phishlabs.com
docs.microsoft.com

Subject Issuer	Validity	Valid
bleepingcomputer.com COMODO RSA Domain Validation Secure Server CA	`2018-05-12` - `2020-05-17`	2 years	crt.sh
*.googleapis.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-11-11` - `2020-10-09`	a year	crt.sh
j3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-11-15` - `2020-09-16`	10 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.analysis.fi Sectigo RSA Domain Validation Secure Server CA	`2019-06-13` - `2020-06-12`	a year	crt.sh
quantcast.mgr.consensu.org Amazon	`2019-05-06` - `2020-06-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2020-09-04`	a year	crt.sh
moatads.com DigiCert ECC Secure Server CA	`2018-11-10` - `2020-02-09`	a year	crt.sh
*.connatix.com Amazon	`2019-10-19` - `2020-11-19`	a year	crt.sh
vendorlist.consensu.org Amazon	`2019-03-06` - `2020-04-06`	a year	crt.sh
*.scorecardresearch.com COMODO RSA Organization Validation Secure Server CA	`2018-11-28` - `2019-12-26`	a year	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2019-02-09` - `2020-05-16`	a year	crt.sh
*.videoplayerhub.com Amazon	`2019-07-18` - `2020-08-18`	a year	crt.sh
*.freetls.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-01-02` - `2020-01-03`	a year	crt.sh
ad-delivery.net Amazon	`2019-03-07` - `2020-04-07`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-11-06` - `2020-02-04`	3 months	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2018-08-17` - `2020-09-02`	2 years	crt.sh
*.assetbucket.net Amazon	`2019-09-11` - `2020-10-11`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
districtm.io CloudFlare Inc ECC CA-2	`2019-03-26` - `2020-03-26`	a year	crt.sh
*.3lift.com Amazon	`2019-07-17` - `2020-08-17`	a year	crt.sh
*.sharethrough.com Amazon	`2019-10-07` - `2020-11-07`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2019-07-17` - `2020-03-09`	8 months	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
misc-sni.google.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.doubleclick.net GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
www.google.com GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh
cdn.adnxs.com GlobalSign CloudSSL CA - SHA256 - G3	`2019-05-16` - `2020-05-16`	a year	crt.sh

This page contains 26 frames:

Primary Page: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Frame ID: C8CDD9403B684E859692790BBFCF3FDA
Requests: 155 HTTP requests in this frame

Frame: https://cdns.connatix.com/p/1823/min/connatix.renderer.infeed.min_dc.js
Frame ID: 3B600CC14F31D4B63119DCF098D6867E
Requests: 8 HTTP requests in this frame

Frame: https://static.quantcast.mgr.consensu.org/v27/cmp-3pc-check.html
Frame ID: 7B72F24ECF7E49FC7387073E13E8EECB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20191205/r20190131/zrt_lookup.html
Frame ID: 520866EDBE507BB7BE1CB4D449A6F292
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1575991265&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C30%3A34635776%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1576071857326&bpp=5&bdt=343&fdt=60&idt=60&shv=r20191205&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=2492402167315&frm=20&pv=2&ga_vid=1841999065.1576071857&ga_sid=1576071857&ga_hid=1522108492&ga_fc=0&iag=0&icsg=35184374718464&dssz=43&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065073%2C21065125&oid=3&pvsid=381247132831838&ref=http%3A%2F%2Finfo.bettercloud.com%2FjbHZ0C3aK00fH0AeY1S0n00&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=1&uci=a!1&fsb=1&dtd=73
Frame ID: 6385D7D9624104C6C8E0EF09B8F2E98E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: E3225DCE5F276DA98E5B75482A31B5AC
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js
Frame ID: C56DD390023A5FB8D60F86212E5ED494
Requests: 22 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js
Frame ID: 6A130B6CB54E68E7CE29CFD6C1420274
Requests: 11 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvt5U_UebcU-B9M7ox7AGs_AIVXnbss-6uazO8d29kCNn4_d-1VpV1UHQ6BUgcYvw7gtY_BK4Z5FwnLW6MtPKl_pqG-2aZops-nSknH11ZW04lzvShDqWd_O5gav6Ly28mnAmS3b0fuIL1s1M9RWP6tDB6AWFnQuSFF_-T6okl34cY1a-iH9BjgE8EUh86Nm98L0AC2FmAvBbOiYc6Y4iWrdWBY98orvuoD937EB7oL0SIHl6aScoJbR95OdbuDgsbYAguAKcPtFC00SGA6i93lZGbgSYQXnLuB&sig=Cg0ArKJSzErx4pQhySNoEAE&urlfix=1&adurl=
Frame ID: BC73EE40D3B7C4D0BFFF8CFE6FD7781C
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js
Frame ID: 75823035AE40F7CD70C35053B10B61BC
Requests: 21 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: FE2177DE0653548F97A2802506EEA8E8
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: F9B00F3E69E6732DF8993763A3336CA6
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: FB7256422BC6C4F4785A162729151230
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: E6AB03D2B8F9C8AC6C3689B3DF055518
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: F31B3A36CC487063687D214C53AE0FFB
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: ED69ADD4540A816B556B3CB949EB8363
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 83C33160548B66966114831FB50B6392
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 2AFA97A233FCCB1E4C94F96414E737E2
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: D4EDE23B7813CEBE4340443EAD3DF7D8
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: BC970E26825E422F303EEEE652D01F65
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: B4DE090C0485D80E98AAA4E935351491
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: AE040BBB7F9708740B18C2FE82FE2DEC
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: F00736DC8DA53E4C3B5A22D9741CAD31
Requests: 1 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 7D9EF878B433DC2481242347C1E495ED
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 60579F3E7BA767EFFFAA2D3A7F82B22E
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: E2D72048099F24147201E870058931B1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://info.bettercloud.com/jbHZ0C3aK00fH0AeY1S0n00 Page URL
https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

231
Requests

100 %
HTTPS

31 %
IPv6

34
Domains

58
Subdomains

49
IPs

7
Countries

2479 kB
Transfer

6722 kB
Size

15
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/BleepingComputer

Search URL Search Domain Scan URL

URL: https://twitter.com/BleepinComputer

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/BleepingComputer

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/
Title: Deals

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/deals/elearning?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: eLearning

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/deals/certifications?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: IT Certification Courses

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/deals/gear-gadgets?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: Gear + Gadgets

Search URL Search Domain Scan URL

URL: https://deals.bleepingcomputer.com/collections/tag-cyber-security?utm_source=bleepingcomputer.com&utm_medium=dd_cat
Title: Security

Search URL Search Domain Scan URL

URL: https://connatix.com/
Title: .st0{fill:#FFFFFF;}.st1{fill:#0099FF;}

Search URL Search Domain Scan URL

URL: http://info.phishlabs.com/blog/office-365-phishing-uses-malicious-app-persist-password-reset
Title: report by PhishLabs

Search URL Search Domain Scan URL

URL: http://docs.microsoft.com/en-us/graph/permissions-reference
Title: permissions

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=VX59Gf-Twwo
Title: proof-of-concept ransomware

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/cloud-app-security/investigate-risky-oauth
Title: Microsoft's tutorial on investigating risky apps

Search URL Search Domain Scan URL

URL: https://twitter.com/LawrenceAbrams

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://info.bettercloud.com/jbHZ0C3aK00fH0AeY1S0n00 Page URL
https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en HTTP 302
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request Chain 77

https://sb.scorecardresearch.com/p?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1576071857711&ns_st_ec=1&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=play&ns_st_po=0&ns_st_cl=30000&ns_st_pb=1&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=v_639404&ns_st_pt=0&ns_st_dpt=0&ns_st_ipt=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_pa=0&ns_ts=1576071857712&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_lt=1&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=0&ns_st_dpc=0&ns_st_pp=0&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Connatix&ns_st_ti=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&c8=&c9=&cs_ucfr=0 HTTP 302
https://sb.scorecardresearch.com/p2?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1576071857711&ns_st_ec=1&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=play&ns_st_po=0&ns_st_cl=30000&ns_st_pb=1&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=v_639404&ns_st_pt=0&ns_st_dpt=0&ns_st_ipt=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_pa=0&ns_ts=1576071857712&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_lt=1&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=0&ns_st_dpc=0&ns_st_pp=0&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Connatix&ns_st_ti=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&c8=&c9=&cs_ucfr=0

Request Chain 175

https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.255033225;dc_trk_aid=450834180;dc_trk_cid=121092504;ord=4206177772;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.255033225;dc_pre=CPCx_JrdreYCFRTJdwodcJsH2A;dc_trk_aid=450834180;dc_trk_cid=121092504;ord=4206177772;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

Request Chain 207

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 208

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 209

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 222

https://ib.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 224

https://ib.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 235

https://ib.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

231 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Cookie set jbHZ0C3aK00fH0AeY1S0n00
info.bettercloud.com/ 639 B
932 B 1032ms
616ms Document
text/html 199.15.213.48
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to

Full URL

http://info.bettercloud.com/jbHZ0C3aK00fH0AeY1S0n00

Protocol

HTTP/1.1

Server

199.15.213.48 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Host: info.bettercloud.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 13:44:16 GMT
Server: Apache
Cache-Control: private, no-cache, no-store, max-age=0
Connection: close
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html
Set-Cookie: BIGipServerab_mailtracking_80=!QdAr041939pZIzFybf/nLIVwOTHiDrrGldBOLgslvuE6nilF6m+8+AN4iulqT7lz9Ro++B4fTP7qqCo=; path=/; Httponly

GET
H2 200 Primary Request / Show response
www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/ 69 KB
15 KB 724ms
693ms Document
text/html 104.20.59.209
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Requested by

Host: info.bettercloud.com
URL: http://info.bettercloud.com/jbHZ0C3aK00fH0AeY1S0n00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.59.209 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

182ce60aa520e221e459f0eb5d20c9b4a443478a9eb4f3dafc39c4a816fefedb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.bleepingcomputer.com
:scheme: https
:path: /news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: http://info.bettercloud.com/jbHZ0C3aK00fH0AeY1S0n00
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://info.bettercloud.com/jbHZ0C3aK00fH0AeY1S0n00

Response headers

status: 200
date: Wed, 11 Dec 2019 13:44:16 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dc2f8fed9a07f2bd22ec1cf45b65e92ba1576071856; expires=Fri, 10-Jan-20 13:44:16 GMT; path=/; domain=.bleepingcomputer.com; HttpOnly; Secure session_id=19f0d57d25e70280b9c004739e059a7d; path=/; domain=.bleepingcomputer.com; httponly;Secure lav=7365; expires=Fri, 10-Jan-2020 13:44:16 GMT; Max-Age=2592000; path=/;Secure
content-security-policy: upgrade-insecure-requests;
x-frame-options: SAMEORIGIN
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
last-modified: Tue, 10 Dec 2019 15:21:05 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5437e46dca98d6cd-FRA
content-encoding: br

GET
H2 200 css
fonts.googleapis.com/ 14 KB
897 B 18ms
17ms Stylesheet
text/css 2a00:1450:4001:824::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900

Requested by

Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

d229886fc63edf6b95865ad6a9e90b589ca7585d2203bc61b69f73f61f746830

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 11 Dec 2019 13:44:17 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 11 Dec 2019 13:44:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 11 Dec 2019 13:44:17 GMT

GET
H2 200 bootstrap.css
www.bleepstatic.com/css/redesign/ 111 KB
17 KB 67ms
29ms Stylesheet
text/css 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/bootstrap.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: HIT
age: 6824
cf-polished: origSize=137522
status: 200
cf-bgj: minify
last-modified: Fri, 23 Sep 2016 14:33:06 GMT
server: cloudflare
etag: W/"2184297232"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 5437e472799f8c74-VIE
expires: Fri, 01 Nov 2019 16:48:04 GMT

GET
H2 200 main.css
www.bleepstatic.com/css/redesign/ 51 KB
9 KB 67ms
30ms Stylesheet
text/css 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: HIT
age: 3859
cf-polished: origSize=60842
status: 200
cf-bgj: minify
last-modified: Thu, 16 Aug 2018 15:28:40 GMT
server: cloudflare
etag: W/"4249134023"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 5437e47279a08c74-VIE
expires: Sat, 02 Nov 2019 12:08:26 GMT

GET
H2 200 home.css
www.bleepstatic.com/css/redesign/ 12 KB
3 KB 67ms
30ms Stylesheet
text/css 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/home.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: HIT
age: 1698
cf-polished: origSize=14998
status: 200
cf-bgj: minify
last-modified: Sat, 24 Mar 2018 16:18:00 GMT
server: cloudflare
etag: W/"2402535603"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 5437e47279a28c74-VIE
expires: Tue, 26 Nov 2019 22:16:24 GMT

GET
H2 200 news.css
www.bleepstatic.com/css/redesign/ 27 KB
5 KB 71ms
34ms Stylesheet
text/css 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/news.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d44b93a0af159f0d547d7ec89e9227a5667ce1171bc630e6fbf79dae0e596e2d

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: HIT
age: 1327621
cf-polished: origSize=32905
status: 200
cf-bgj: minify
last-modified: Tue, 26 Nov 2019 02:56:16 GMT
server: cloudflare
etag: W/"400467278"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 5437e47279a38c74-VIE
expires: Tue, 31 Dec 2019 04:57:16 GMT

GET
H2 200 jquery-1.11.1.min.js Show response
www.bleepstatic.com/js/redesign/ 94 KB
32 KB 78ms
41ms Script
text/javascript 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/jquery-1.11.1.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 23 Apr 2015 12:36:44 GMT
server: cloudflare
age: 6824
etag: W/"3647451394"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=3024000
cf-ray: 5437e47279a48c74-VIE
access-control-allow-origin: *
expires: Fri, 22 Nov 2019 22:26:19 GMT

GET
H2 200 news.js Show response
www.bleepstatic.com/js/redesign/ 183 B
522 B 64ms
27ms Script
text/javascript 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/news.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: HIT
age: 5875
cf-polished: origSize=247
status: 200
cf-bgj: minify
last-modified: Wed, 16 Dec 2015 15:41:46 GMT
server: cloudflare
etag: W/"4218930423"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 5437e47279a58c74-VIE
expires: Fri, 22 Nov 2019 22:32:25 GMT

GET
H2 200 connatix.renderer.infeed.min.js Show response
cdn.connatix.com/min/ 957 B
1 KB 45ms
6ms Script
application/javascript 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Varnish /
Resource Hash: c1ff893b404f02342111fc9d0159ed8f25ace7a36b998cdf0654494632470924

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
via: 1.1 varnish
server: Varnish
age: 0
x-cache: HIT
content-type: application/javascript
status: 200
x-referer-host: bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-cache-hits: 0
accept-ranges: bytes
x-timer: S1576071857.030654,VS0,VE0
content-length: 957
retry-after: 0
x-served-by: cache-fra19164-FRA

GET
H2 200 qc-consent.js Show response
www.bleepstatic.com/js/qc-consent/ 3 KB
1 KB 24ms
24ms Script
text/javascript 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: HIT
age: 513727
cf-polished: origSize=3848
status: 200
cf-bgj: minify
last-modified: Thu, 07 Feb 2019 13:49:44 GMT
server: cloudflare
etag: W/"3981350888"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 5437e47289bf8c74-VIE
expires: Thu, 09 Jan 2020 15:02:09 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 73 KB
27 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:808::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4cae697d304b6cae1bb457589d549ec39239ca1d1e32bd7201200cb7562eeb32

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
last-modified: Wed, 11 Dec 2019 12:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27662
x-xss-protection: 0
expires: Wed, 11 Dec 2019 13:44:17 GMT

GET
H2 200 logo.png
www.bleepstatic.com/images/site/ 1 KB
1 KB 16ms
16ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/logo.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 567794
cf-polished: origFmt=png, origSize=1882
status: 200
content-disposition: inline; filename="logo.webp"
cf-bgj: imgq:85
content-length: 1152
last-modified: Sat, 04 Mar 2017 04:12:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e472ba0b8c74-VIE
expires: Sat, 04 Jan 2020 00:01:02 GMT

GET
H2

200

brand Show response
cse.google.com/coop/cse/
Redirect Chain

https://www.google.com/coop/cse/brand?form=cse-search-box&lang=en
https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en

3 KB
2 KB

27ms
6ms

Script
text/javascript

2a00:1450:4001:809::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

pfe /

Resource Hash

4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:14:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: pfe
age: 1767
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, max-age=1800
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1181
x-xss-protection: 0
expires: Wed, 11 Dec 2019 13:44:50 GMT

Redirect headers

date: Wed, 11 Dec 2019 13:44:17 GMT
x-content-type-options: nosniff
server: sffe
location: https://cse.google.com/coop/cse/brand?form=cse-search-box&lang=en
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 266
x-xss-protection: 0

GET
H2 200 pubfig.min.js Show response
a.pub.network/bleepingcomputer-com/ 435 KB
116 KB 553ms
485ms Script
application/javascript 2606:4700:20::681a:8b
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: df67fe7059a0f6a20c2bfd96f18bd2d4027c5cfcf10d388afc2be8add8b77681

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: REVALIDATED
status: 200
x-guploader-uploadid: AEnB2Uq1xTXtE0i28vbcrPyN9A1M8eQR7vCBWiBeQc3NkKXvmW4t6aw6rvO-5dJn4PwouO69ahztE4zmYXg1wbRVZbQhMtVJxw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
last-modified: Tue, 10 Dec 2019 01:37:00 GMT
server: cloudflare
etag: W/"38cc5d09c49b3e92af04a7b92665ae8b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=GrzeWg==, md5=OMxdCcSbPpKvBKe5JmWuiw==
content-type: application/javascript
x-goog-generation: 1575941820806433
cache-control: public, max-age=1800
x-goog-stored-content-length: 445168
cf-ray: 5437e4734daa59b8-VIE
expires: Wed, 11 Dec 2019 13:45:17 GMT

GET
H/1.1 200
OK fab.js Show response
ecdn.analysis.fi/static/js/ 2 KB
1 KB 93ms
24ms Script
application/javascript 178.79.175.86
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://ecdn.analysis.fi/static/js/fab.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.79.175.86 London, United Kingdom, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: nb-178-79-175-86.london.nodebalancer.linode.com
Software: nginx/1.12.2 /
Resource Hash: 489b6703852c290f6b4d10eed79f17d378682f423e427c4e709fcf5aa16bc78e

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 13:47:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Jul 2015 00:00:00 GMT
Server: nginx/1.12.2
ETag: "55a5a280-404"
Content-Type: application/javascript
Cache-Control: max-age=3600
Connection: close
Content-Length: 1028
Expires: Wed, 11 Dec 2019 14:47:03 GMT

GET
H2 200 login_bg.png
www.bleepstatic.com/images/site/ 126 B
290 B 18ms
18ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/login_bg.png
Requested by: Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32e73e8e0eec3e6c1345d84e7ef091b90e71fb0045814043b34c914156235eb9

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 1770367
cf-polished: origFmt=png, origSize=187
status: 200
content-disposition: inline; filename="login_bg.webp"
cf-bgj: imgq:85
content-length: 126
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e472ea3f8c74-VIE
expires: Sat, 21 Dec 2019 01:58:10 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 5ms
5ms Font
font/woff2 2a00:1450:4001:818::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Thu, 21 Nov 2019 15:36:21 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 1721276
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Fri, 20 Nov 2020 15:36:21 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:818::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Wed, 20 Nov 2019 18:56:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 1795645
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11020
x-xss-protection: 0
expires: Thu, 19 Nov 2020 18:56:52 GMT

GET
H2 200 connatix.renderer.infeed.min_dc.js Show response
cdns.connatix.com/p/1823/min/ Frame 3B60 719 KB
187 KB 16ms
10ms Script
application/x-javascript 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.connatix.com/p/1823/min/connatix.renderer.infeed.min_dc.js
Requested by: Host: cdn.connatix.com
URL: https://cdn.connatix.com/min/connatix.renderer.infeed.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 993c1f16583585bfabcf6f7d8c96bfd17752384ecadff84128606babaec416bd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: gzip
age: 622468
x-cache: HIT, HIT
status: 200
content-length: 191538
via: 1.1 varnish, 1.1 varnish
x-served-by: cache-dca17731-DCA, cache-fra19164-FRA
last-modified: Wed, 04 Dec 2019 08:46:48 GMT
x-timer: S1576071857.110633,VS0,VE0
etag: "46a9ce899a84c832dc2c7520dcf94dcc"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31557600
accept-ranges: bytes
x-cache-hits: 2, 8420

GET
H2 200 cmp.js Show response
quantcast.mgr.consensu.org/ 213 KB
58 KB 33ms
9ms Script
text/javascript 2600:9000:20eb:6400:9:46dc:4700:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/cmp.js
Requested by: Host: www.bleepstatic.com
URL: https://www.bleepstatic.com/js/qc-consent/qc-consent.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:6400:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ff1e65d5292ac70fa0ceaf87d04313c975d6299e212e0274d3d0362b218ccab8

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:29:48 GMT
content-encoding: gzip
last-modified: Mon, 25 Nov 2019 17:24:00 GMT
server: AmazonS3
age: 1657
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
status: 200
x-amz-meta-qc-ineu: True
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: s2nZXp6w8Bewk8u1kRrdhMA8JLVw2djCD-JFfkOIVplWX25lm9nhWQ==
via: 1.1 7eb0b6b84b224c3eff8520d4bc275e4c.cloudfront.net (CloudFront)

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 104 KB
38 KB 47ms
22ms Script
text/javascript 2a00:1450:4001:814::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

42835eddfccf126c4f65091c377c206334c2fb2838212d01965298cd4599b39f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 37911
x-xss-protection: 0
server: cafe
etag: 2693738113432697870
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 11 Dec 2019 13:44:17 GMT

GET
H2 200 twitter.png
www.bleepstatic.com/images/site/login/ 282 B
442 B 17ms
16ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/login/twitter.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67d86a29de7993fbd23b7dde2c4f26bdc434055c35a4b08c830c0d02fcfa6dd2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 6824
cf-polished: origFmt=png, origSize=475
status: 200
content-disposition: inline; filename="twitter.webp"
cf-bgj: imgq:85
content-length: 282
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e4730a678c74-VIE
expires: Wed, 11 Dec 2019 03:35:43 GMT

GET
H2 200 bootstrap.js Show response
www.bleepstatic.com/js/redesign/ 44 KB
10 KB 22ms
21ms Script
text/javascript 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/bootstrap.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: HIT
age: 6824
cf-polished: origSize=65813
status: 200
cf-bgj: minify
last-modified: Thu, 23 Apr 2015 12:36:43 GMT
server: cloudflare
etag: W/"3930092018"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 5437e4730a6a8c74-VIE
expires: Fri, 22 Nov 2019 22:32:26 GMT

GET
H2 200 blazy.min.js Show response
www.bleepstatic.com/js/blazy/ 5 KB
2 KB 21ms
20ms Script
text/javascript 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/blazy/blazy.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 16 Aug 2018 21:06:19 GMT
server: cloudflare
age: 6824
etag: W/"753357888"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=3024000
cf-ray: 5437e4730a668c74-VIE
access-control-allow-origin: *
expires: Fri, 22 Nov 2019 22:32:26 GMT

GET
H2 200 bleep.js Show response
www.bleepstatic.com/js/redesign/ 3 KB
760 B 23ms
22ms Script
text/javascript 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/bleep.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: HIT
age: 6824
cf-polished: origSize=3600
status: 200
cf-bgj: minify
last-modified: Mon, 01 Oct 2018 12:47:57 GMT
server: cloudflare
etag: W/"2696894447"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 5437e4730a6b8c74-VIE
expires: Wed, 30 Oct 2019 15:49:59 GMT

GET
H2 200 jquery.fancybox.js Show response
www.bleepstatic.com/js/redesign/fancybox/ 31 KB
9 KB 22ms
21ms Script
text/javascript 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: HIT
age: 5875
cf-polished: origSize=48706
status: 200
cf-bgj: minify
last-modified: Wed, 14 Oct 2015 20:25:51 GMT
server: cloudflare
etag: W/"327140449"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 5437e4730a6d8c74-VIE
expires: Sun, 27 Oct 2019 06:52:21 GMT

GET
H2 200 fixto.min.js Show response
www.bleepstatic.com/js/fixto/ 8 KB
3 KB 18ms
18ms Script
text/javascript 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/fixto/fixto.min.js
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 13 Jun 2015 21:34:42 GMT
server: cloudflare
age: 2239
etag: W/"1740214911"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=3024000
cf-ray: 5437e4730a6c8c74-VIE
access-control-allow-origin: *
expires: Mon, 28 Oct 2019 12:38:16 GMT

GET
H2 200 addthis_widget.js Show response
s9.addthis.com/js/300/ 349 KB
113 KB 34ms
19ms Script
application/javascript 2.21.36.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://s9.addthis.com/js/300/addthis_widget.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-36-164.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7c20e3e201e3d7c6821e907def1257deb544eb08578c7129b96d53bbf62d34e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 30 Oct 2019 19:35:04 GMT
server: nginx/1.15.8
etag: "5db9e5e8-57446"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
status: 200
cache-control: public, max-age=600
date: Wed, 11 Dec 2019 13:44:17 GMT
x-host: s9.addthis.com
content-length: 114924

GET
H2 200 nav_bg.png
www.bleepstatic.com/images/site/ 72 B
233 B 17ms
17ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/nav_bg.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab52a578c101a14bbc790f87f9a7400dda65469f23c6ce85c461e07cdf776460

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 607693
cf-polished: origFmt=png, origSize=83
status: 200
content-disposition: inline; filename="nav_bg.webp"
cf-bgj: imgq:85
content-length: 72
last-modified: Sat, 04 Mar 2017 07:57:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e4730a768c74-VIE
expires: Fri, 03 Jan 2020 12:56:04 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91740-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 4240
date: Wed, 11 Dec 2019 12:33:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Wed, 11 Dec 2019 14:33:37 GMT

GET
H2 200 20x20-printer.png
www.bleepstatic.com/images/site/ 422 B
628 B 16ms
15ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/20x20-printer.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 2390710
cf-polished: origFmt=png, origSize=824
status: 200
content-disposition: inline; filename="20x20-printer.webp"
cf-bgj: imgq:85
content-length: 422
last-modified: Sat, 03 Oct 2015 03:18:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e4731a828c74-VIE
expires: Fri, 13 Dec 2019 21:39:07 GMT

GET
H2 200 calendar.png
www.bleepstatic.com/images/site/ 86 B
344 B 20ms
20ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/calendar.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85ae9534729617e69eafa40195c7854697eb3d13b4205f3ee467e07c4af0a24b

Request headers

Referer: https://www.bleepstatic.com/css/redesign/news.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 571749
cf-polished: origFmt=png, origSize=129
status: 200
content-disposition: inline; filename="calendar.webp"
cf-bgj: imgq:85
content-length: 86
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e4731a838c74-VIE
expires: Fri, 03 Jan 2020 22:55:08 GMT

GET
H2 200 clock.png
www.bleepstatic.com/images/site/ 252 B
414 B 15ms
15ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/clock.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21

Request headers

Referer: https://www.bleepstatic.com/css/redesign/news.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 1243638
cf-polished: origFmt=png, origSize=1316
status: 200
content-disposition: inline; filename="clock.webp"
cf-bgj: imgq:85
content-length: 252
last-modified: Fri, 29 May 2015 07:08:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e4731a858c74-VIE
expires: Fri, 27 Dec 2019 04:16:59 GMT

GET
H2 200 comment-light.png
www.bleepstatic.com/images/site/ 96 B
288 B 17ms
17ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/comment-light.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e

Request headers

Referer: https://www.bleepstatic.com/css/redesign/news.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 5874
cf-polished: origFmt=png, origSize=1034
status: 200
content-disposition: inline; filename="comment-light.webp"
cf-bgj: imgq:85
content-length: 96
last-modified: Fri, 29 May 2015 07:08:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e4731a868c74-VIE
expires: Sun, 17 Nov 2019 22:27:17 GMT

GET
H2 200 32x32-printer.png
www.bleepstatic.com/images/site/ 256 B
425 B 16ms
15ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/32x32-printer.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 212533
cf-polished: origFmt=png, origSize=618
status: 200
content-disposition: inline; filename="32x32-printer.webp"
cf-bgj: imgq:85
content-length: 256
last-modified: Fri, 02 Oct 2015 21:57:19 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e4731a878c74-VIE
expires: Wed, 08 Jan 2020 02:42:04 GMT

GET
H2 200 21beb902b545b086a90ec39f1df36b94.jpg
www.bleepstatic.com/author/photos/ 7 KB
8 KB 23ms
23ms Image
image/jpeg 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/author/photos/21beb902b545b086a90ec39f1df36b94.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19e1dbba639ba68ceb71cdada9621e11d0aec6edba410971f1937d6cc4935b32

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 5874
cf-polished: origSize=7617, status=webp_bigger
status: 200
cf-bgj: imgq:85
content-length: 7581
last-modified: Mon, 26 Oct 2015 17:15:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e4731a888c74-VIE
expires: Sun, 27 Oct 2019 21:33:09 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 10ms
6ms Font
font/woff2 2a00:1450:4001:818::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Tue, 19 Nov 2019 01:14:28 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 1945789
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11180
x-xss-protection: 0
expires: Wed, 18 Nov 2020 01:14:28 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 9ms
5ms Font
font/woff2 2a00:1450:4001:818::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,100,300,500,700,900
Origin: https://www.bleepingcomputer.com

Response headers

date: Tue, 10 Dec 2019 05:00:17 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 117840
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Wed, 09 Dec 2020 05:00:17 GMT

GET
H2 200 h4-bg.png
www.bleepstatic.com/images/site/ 38 B
170 B 18ms
17ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/h4-bg.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 942935ead42820e6c9184f099c77dde34fa4be70d395a17c47b5d7ad07967339

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 5874
cf-polished: origFmt=png, origSize=72
status: 200
content-disposition: inline; filename="h4-bg.webp"
cf-bgj: imgq:85
content-length: 38
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e4735aca8c74-VIE
expires: Thu, 21 Nov 2019 20:30:20 GMT

GET
H2 200 news_email_icon.png
www.bleepstatic.com/images/site/ 126 B
288 B 18ms
18ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/news_email_icon.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a

Request headers

Referer: https://www.bleepstatic.com/css/redesign/home.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 5874
cf-polished: origFmt=png, origSize=1105
status: 200
content-disposition: inline; filename="news_email_icon.webp"
cf-bgj: imgq:85
content-length: 126
last-modified: Fri, 29 May 2015 07:10:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e4735acb8c74-VIE
expires: Sun, 08 Dec 2019 00:07:46 GMT

GET
H2 200 news_footer_icon.png
www.bleepstatic.com/images/site/ 110 B
255 B 16ms
16ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/images/site/news_footer_icon.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d020fa6036628dd1d6dbf760edc742273359e93119832249bdce332d05d6db4d

Request headers

Referer: https://www.bleepstatic.com/css/redesign/main.css?v=3.29.17.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 610040
cf-polished: origFmt=png, origSize=186
status: 200
content-disposition: inline; filename="news_footer_icon.webp"
cf-bgj: imgq:85
content-length: 110
last-modified: Sat, 04 Mar 2017 20:46:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e4735acc8c74-VIE
expires: Fri, 03 Jan 2020 12:16:56 GMT

GET
H2 200 g Show response
ck.connatix.com/ 46 B
103 B 13ms
6ms Script
text/plain 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://ck.connatix.com/g?callback=cnxJSONP_1577b77b5621624f95821576071857193
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1823/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Varnish /
Resource Hash: 3fbfd6f5cbf3becde848ff3e522bdc44ad88cd9a90b61f1231db7b589a98c959

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
via: 1.1 varnish
server: Varnish
age: 0
x-cache: HIT
status: 200
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-cache-hits: 0
accept-ranges: bytes
x-timer: S1576071857.199915,VS0,VE0
content-length: 46
retry-after: 0
x-served-by: cache-fra19164-FRA

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
101 B 14ms
14ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1522108492&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&dr=http%3A%2F%2Finfo.bettercloud.com%2FjbHZ0C3aK00fH0AeY1S0n00&ul=en-us&de=UTF-8&dt=Phishing%20Attack%20Hijacks%20Office%20365%20Accounts%20Using%20OAuth%20Apps&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1263425536&gjid=940482644&cid=1841999065.1576071857&tid=UA-91740-1&_gid=301855145.1576071857&_r=1&gtm=2ouav9&z=1247446988

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 13:44:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cmp-3pc-check.html
static.quantcast.mgr.consensu.org/v27/ Frame 7B72 0
0 24ms
9ms Document
text/html 2600:9000:2156:5800:9:46dc:4700:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.quantcast.mgr.consensu.org/v27/cmp-3pc-check.html
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:5800:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: static.quantcast.mgr.consensu.org
:scheme: https
:path: /v27/cmp-3pc-check.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

status: 200
content-type: text/html
content-length: 583
last-modified: Mon, 18 Nov 2019 19:20:05 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Wed, 11 Dec 2019 13:42:37 GMT
etag: "2382c3f01978a379e8fa8bc1a3bec605"
x-cache: Hit from cloudfront
via: 1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: Nwqv_Ao_OGm90RMiL8gK2nGk_cEUFxFj5NEl8BLMx-frhDdTg8t4pA==
age: 681

GET
H/1.1 200
OK moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 45ms
12ms Script
application/x-javascript 95.100.197.246
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 95.100.197.246 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-197-246.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 13:44:17 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 Nov 2019 20:13:52 GMT
Server: AmazonS3
x-amz-request-id: D4240DA2AA46DA12
ETag: "f14b4e1f799b14f798a195f43cf58376"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=49538
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 948
x-amz-id-2: Fr7GkCibvNM2X1qKF6ZxSEYmqLUvxOjmKIPUt5OHHnaxUA9JpjKDPQYHIpQ1Y0JKoSZGAdm2N8k=

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/ 2 KB
924 B 114ms
113ms Script
application/javascript 2.21.36.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-561517d2c7f964d6/_ate.track.config_resp
Requested by: Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-21-36-164.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.8.v20180619) /
Resource Hash: 5fe405e64b42b49a5813c2c7b8e48ccf290310c5eb351d2b15966856d1a2f06e

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: gzip
surrogate-key: ra-561517d2c7f964d6
server: Jetty(9.4.8.v20180619)
etag: -1808207170--gzip
vary: Accept-Encoding
cache-tag: ra-561517d2c7f964d6
status: 200
cache-control: public, max-age=11, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-type: application/javascript;charset=utf-8
content-length: 678

GET
H2 200 Phishing.jpg
www.bleepstatic.com/content/hl-images/2019/10/17/ 41 KB
41 KB 18ms
18ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/hl-images/2019/10/17/Phishing.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac050a029e8ec9ca8507acfe44ab38223eceb346c0ce141868960fc039b1d594

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 329606
cf-polished: qual=85, origFmt=jpeg, origSize=114544
status: 200
content-disposition: inline; filename="Phishing.webp"
cf-bgj: imgq:85
content-length: 42260
last-modified: Thu, 17 Oct 2019 12:02:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e4742bd08c74-VIE
expires: Mon, 06 Jan 2020 18:10:51 GMT

GET
H2 200 292x176_Snatch_Ransomware.jpg
www.bleepstatic.com/content/hl-images/2019/12/09/thumb/ 2 KB
2 KB 19ms
18ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/hl-images/2019/12/09/thumb/292x176_Snatch_Ransomware.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9395e6dcccbdb0c0949db0de5c1288664f8bb9c14335f2ca1c7d1961940c37c

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 117697
cf-polished: qual=85, origFmt=jpeg, origSize=3628
status: 200
content-disposition: inline; filename="292x176_Snatch_Ransomware.webp"
cf-bgj: imgq:85
content-length: 2230
last-modified: Mon, 09 Dec 2019 21:41:38 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e4742bd18c74-VIE
expires: Thu, 09 Jan 2020 05:02:40 GMT

GET
H2 200 292x176_windows-7-update.jpg
www.bleepstatic.com/content/hl-images/2019/01/10/thumb/ 4 KB
4 KB 20ms
20ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/hl-images/2019/01/10/thumb/292x176_windows-7-update.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba4af1d00b0e19b0fa9cd5c1ace0632c61d7d21648bd8118582dbaf83224c1f9

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 117594
cf-polished: qual=85, origFmt=jpeg, origSize=4746
status: 200
content-disposition: inline; filename="292x176_windows-7-update.webp"
cf-bgj: imgq:85
content-length: 3738
last-modified: Thu, 10 Jan 2019 17:13:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e4742bd28c74-VIE
expires: Thu, 09 Jan 2020 05:04:23 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
778 B 36ms
15ms Script
application/javascript 2a00:1450:4001:814::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.bleepingcomputer.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
778 B 36ms
15ms Script
application/javascript 2a00:1450:4001:814::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.bleepingcomputer.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20191205/r20190131/ 245 KB
90 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:814::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20191205/r20190131/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

2424d4d0676494244257b830643c905eac8254d373e00bc0cf6a13158626921b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 91654
x-xss-protection: 0
server: cafe
etag: 2923717731764352670
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 11 Dec 2019 13:44:17 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20191205/r20190131/ Frame 5208 0
0 6ms
6ms Document
text/html 2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20191205/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20191205/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Thu, 05 Dec 2019 17:33:14 GMT
expires: Thu, 19 Dec 2019 17:33:14 GMT
content-type: text/html; charset=UTF-8
etag: 13309989325511048345
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 6574
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 504663
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 jquery.fancybox.css
www.bleepstatic.com/js/redesign/fancybox/ 4 KB
1 KB 18ms
17ms Stylesheet
text/css 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/js/redesign/fancybox/jquery.fancybox.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: HIT
age: 1554
cf-polished: origSize=4895
status: 200
cf-bgj: minify
last-modified: Wed, 14 Oct 2015 20:25:51 GMT
server: cloudflare
etag: W/"9108074"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 5437e4746c158c74-VIE
expires: Fri, 22 Nov 2019 22:32:28 GMT

GET
H2 200 font-awesome.css
www.bleepstatic.com/css/redesign/ 22 KB
5 KB 19ms
18ms Stylesheet
text/css 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/css/redesign/font-awesome.css
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: HIT
age: 6823
cf-polished: origSize=26776
status: 200
cf-bgj: minify
last-modified: Tue, 03 May 2016 04:39:29 GMT
server: cloudflare
etag: W/"1700274315"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3024000
cf-ray: 5437e4746c178c74-VIE
expires: Fri, 22 Nov 2019 22:32:28 GMT

GET
H2 200 pls Show response
core.connatix.com/ Frame 3B60 6 KB
3 KB 279ms
97ms Script
text/plain 34.195.95.173
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://core.connatix.com/pls?callback=jQuery321026294947961223114_1576071857191&token=83c6e833-8c07-474c-b10f-079d46320a80&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&c_v=1823_0_0_0_0&page_guid=de39cf934a089cf0aecc1576071857337&spp=1&_=1576071857192
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1823/min/connatix.renderer.infeed.min_dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.195.95.173 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-195-95-173.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: b4771b354bb4ce2c521d7076696d1d872cc9d7343afb9b722abc292db3045751

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: gzip
server: nginx/1.15.9 (Ubuntu)
access-control-allow-origin: *

GET
H2 200 cmpui-popup.js Show response
static.quantcast.mgr.consensu.org/v27/ 222 KB
60 KB 14ms
13ms Script
text/javascript 2600:9000:2156:5800:9:46dc:4700:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://static.quantcast.mgr.consensu.org/v27/cmpui-popup.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:5800:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2363cbdace3d4db7b0ee2f0fcf42a722658814affea6c100f3679f7c21ff9e11

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:40:51 GMT
content-encoding: gzip
last-modified: Mon, 18 Nov 2019 19:20:04 GMT
server: AmazonS3
age: 246
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
status: 200
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: iItY6Kfop5meC9KySvFuhUPXpruPm-0TEkqjsL1_5uTjHOczaGUOCg==
via: 1.1 6b4954a8411e7b2a232537f8000c5c9d.cloudfront.net (CloudFront)

GET
H2 200 fontawesome-webfont.woff
www.bleepstatic.com/fonts/ 64 KB
64 KB 44ms
17ms Font
application/octet-stream 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bleepstatic.com/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepstatic.com/css/redesign/font-awesome.css
Origin: https://www.bleepingcomputer.com

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
last-modified: Thu, 23 Apr 2015 09:36:00 GMT
server: cloudflare
age: 1529
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
status: 200
accept-ranges: bytes
cf-ray: 5437e474c99acbbc-VIE
access-control-allow-origin: *
content-length: 65452

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame 6385 0
0 102ms
102ms Document
text/html 2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1575991265&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C30%3A34635776%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1576071857326&bpp=5&bdt=343&fdt=60&idt=60&shv=r20191205&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=2492402167315&frm=20&pv=2&ga_vid=1841999065.1576071857&ga_sid=1576071857&ga_hid=1522108492&ga_fc=0&iag=0&icsg=35184374718464&dssz=43&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065073%2C21065125&oid=3&pvsid=381247132831838&ref=http%3A%2F%2Finfo.bettercloud.com%2FjbHZ0C3aK00fH0AeY1S0n00&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=1&uci=a!1&fsb=1&dtd=73

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191205/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-0920899300397823&output=html&adk=1812271804&adf=3025194257&lmt=1575991265&plat=1%3A32776%2C2%3A16809992%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C30%3A34635776%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&ea=0&flash=0&pra=7&wgl=1&adsid=NT&dt=1576071857326&bpp=5&bdt=343&fdt=60&idt=60&shv=r20191205&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=2492402167315&frm=20&pv=2&ga_vid=1841999065.1576071857&ga_sid=1576071857&ga_hid=1522108492&ga_fc=0&iag=0&icsg=35184374718464&dssz=43&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065073%2C21065125&oid=3&pvsid=381247132831838&ref=http%3A%2F%2Finfo.bettercloud.com%2FjbHZ0C3aK00fH0AeY1S0n00&rx=0&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=1&uci=a!1&fsb=1&dtd=73
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 11 Dec 2019 13:44:17 GMT
server: cafe
content-length: 44
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 11-Dec-2019 13:59:17 GMT; path=/; domain=.doubleclick.net
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires: Wed, 11 Dec 2019 13:44:17 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 78 KB
29 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:814::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20191205/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

63890326f558587b0840eb0a6e6377f1bf39264e015e568f4c2a03aefce3f929

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1575654529893506"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29463
x-xss-protection: 0
expires: Wed, 11 Dec 2019 13:44:17 GMT

GET
H2 200 vendorlist.json Show response
vendorlist.consensu.org/ 92 KB
17 KB 31ms
13ms XHR
application/json 2600:9000:2156:fe00:1:af78:4c0:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://vendorlist.consensu.org/vendorlist.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:fe00:1:af78:4c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e356e7e1d432bfb23c6eaf5c1b4a85b9c14ac4a10700ca215fc97fbd0d43f1ae

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com

Response headers

date: Sun, 08 Dec 2019 06:59:05 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 283513
x-cache: Hit from cloudfront
status: 200
access-control-allow-origin: *
last-modified: Thu, 05 Dec 2019 16:00:32 GMT
server: AmazonS3
access-control-max-age: 604800
access-control-allow-methods: GET
x-amz-version-id: PbAXzCTLB.Ky0_QflqbpxMzhIOiS.jl4
via: 1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA50-C1
content-type: application/json; charset=utf-8
x-amz-cf-id: wVpAGu-vKZCPrVzkyZBzuAZ9xH7HEIU976GsDN0o1WY0lBStN8zt-g==

GET
H2 200 layers.ab5cd98fe1b9a38a4a9f.js Show response
s7.addthis.com/static/ 263 KB
76 KB 9ms
8ms Script
application/javascript 2.21.36.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-36-164.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 18 Sep 2019 14:16:17 GMT
server: nginx/1.15.8
etag: W/"5d823c31-41b9f"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
date: Wed, 11 Dec 2019 13:44:17 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77528

GET
H2 404 CookieAccess Show response
api.quantcast.mgr.consensu.org/ 30 B
596 B 123ms
108ms XHR
application/json 13.225.78.6
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.quantcast.mgr.consensu.org/CookieAccess
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/cmp.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.78.6 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-225-78-6.fra2.r.cloudfront.net
Software: /
Resource Hash: 5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: gzip
x-amz-cf-pop: FRA2-C2
x-amzn-requestid: ccfe89c0-7cd7-45a6-a18d-aea224173ad8
x-cache: Error from cloudfront
status: 404
x-amz-apigw-id: EirbwF3HoAMFXGQ=
content-length: 50
access-control-allow-origin: https://www.bleepingcomputer.com
x-amzn-trace-id: Root=1-5df0f2b1-7b3ba4f051941b6c230789a4;Sampled=0
vary: Origin
access-control-allow-methods: GET, POST
content-type: application/json
via: 1.1 590590f04f79f692591f9db0e720a31d.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
x-amz-cf-id: FJVEQlGM_N7oafONQy2CWyVBLJNyjUDsqyvVC-U9RsDNvUhZrb3Lww==

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK g Show response
rtb.connatix.com/ 136 B
323 B 399ms
126ms Script
text/plain 54.164.73.180
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.connatix.com/g?c_pw=834&c_ph=469&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&c_ivt=0&connatix_sess=tB2HbHO5_1HLgzr9_S77V8oJYNkZiKUdD0hYR5BG-k1wzGWl_YYVB8ZzbWdFJF5yDKSbR5O3-xQJPe5KexLeXqpgo_TMe-LYIvYcuWSX7wkdp5Oyh_nvV9cUP4epnJD1dJo0BIVxbfltfuP9d9vdatIB_qynTDevRkFXmMHwAXH2eDXZoyCNf2JfpyvuwHT_&notServed=false&xplr=false&c_s=false&c_pl=IOvff_K_d8Vn0kbPryZjEt6R39yPQPpBT3Ky9DI8Kmtfd_7Ib4WNq2nzXFFbIiMa1VwfQIl0rGIDWHfWeQRhJ0tSTfYS5fOdvDU7G4KoFRQHfS08DkdESoULt7lUW5QAWmYxiLVDLs2Tz-ZMaGxxpW_N17fGFj4M5Lj6B7IBm9z7h945vsa2Qj08JCNxHWczJXaqOoVhjZJ6zn-bjNQPvTvr5ODZkOwnBThcyccA0Jk&gdpr=1&med_id=639404&req_no=0&v=1&c_pt=1&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oau&c_v=1823_0_0_0_0&spp=1&callback=cnxJSONP_2acec1147ff9911ce7831576071857678
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1823/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.164.73.180 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-164-73-180.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: 8ec1e1ee811248318e893fee31c5ee75658109d5240ebe5777945a273a2c9f7c

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 11 Dec 2019 13:44:18 GMT
Content-Encoding: gzip
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 135

GET
H2 200 340.jpg
i.connatix.com/s3/connatix-uploads/af391ba1-47b0-4ff1-87cb-08a6df11845f/ 60 KB
60 KB 13ms
12ms Image
image/jpeg 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/af391ba1-47b0-4ff1-87cb-08a6df11845f/340.jpg?mode=stretch&connatiximg=true&scale=both&height=469&width=834
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: dd97106d01f4ed05c72c6acae70c3e63f98964d9ce0cf3451bb7bdb29097f4fd

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
via: 1.1 varnish, 1.1 varnish
age: 49989
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 3
accept-ranges: bytes
x-timer: S1576071858.679578,VS0,VE0
access-control-allow-origin: *
content-length: 61591
x-served-by: cache-sjc3140-SJC, cache-fra19164-FRA

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/438cf51f-2f12-40ab-b86c-3e52b8a7d0b3/ 76 KB
76 KB 8ms
7ms Image
image/jpeg 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/438cf51f-2f12-40ab-b86c-3e52b8a7d0b3/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 114666c1177e74550124afa6a783da0cb0f264652a27a4083748cbd5b139cdfe

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
via: 1.1 varnish, 1.1 varnish
age: 49989
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 3, 3
accept-ranges: bytes
x-timer: S1576071858.679283,VS0,VE0
access-control-allow-origin: *
content-length: 78089
x-served-by: cache-sjc3141-SJC, cache-fra19164-FRA

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/c2f9ba2d-702a-4dd1-ad93-4052a6b1c3e6/ 30 KB
30 KB 8ms
7ms Image
image/jpeg 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/c2f9ba2d-702a-4dd1-ad93-4052a6b1c3e6/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: fa1884be7aabaacc259f4b324266bdd69c53da2df6c2b58a413b186bc6c9dce0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
via: 1.1 varnish, 1.1 varnish
age: 49990
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 3
accept-ranges: bytes
x-timer: S1576071858.679307,VS0,VE0
access-control-allow-origin: *
content-length: 30964
x-served-by: cache-sjc3143-SJC, cache-fra19164-FRA

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/4bf16d00-f562-497a-ab84-cb472a2c3f4c/ 24 KB
24 KB 8ms
7ms Image
image/jpeg 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/4bf16d00-f562-497a-ab84-cb472a2c3f4c/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 476c82589ff631f9a39c7a49ec0a09a6bfcb7d3bf76e4ef9649e40d1dc9bbbf9

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
via: 1.1 varnish, 1.1 varnish
age: 49990
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 3
accept-ranges: bytes
x-timer: S1576071858.679310,VS0,VE0
access-control-allow-origin: *
content-length: 24530
x-served-by: cache-sjc3121-SJC, cache-fra19164-FRA

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/0c867cd2-5c19-4588-91c0-ed3c3955c7df/ 14 KB
14 KB 8ms
7ms Image
image/jpeg 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/0c867cd2-5c19-4588-91c0-ed3c3955c7df/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 6124b7c59aadae279e1f0ecb561ed9b0c4fe22cb31c32c8c934e5423887c5426

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
via: 1.1 varnish, 1.1 varnish
age: 49990
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 2, 3
accept-ranges: bytes
x-timer: S1576071858.679325,VS0,VE0
access-control-allow-origin: *
content-length: 14012
x-served-by: cache-sjc3130-SJC, cache-fra19164-FRA

GET
H2 200 1.jpg
i.connatix.com/s3/connatix-uploads/3b971c54-3506-4d21-ad2b-1b07a8a4dff3/ 13 KB
13 KB 12ms
11ms Image
image/jpeg 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-uploads/3b971c54-3506-4d21-ad2b-1b07a8a4dff3/1.jpg?mode=crop&width=1001&height=563
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: ed175c8456e5dc1502e98bd33ff08e834d0a07e8721c5d8def0ea1987a67dfb0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
via: 1.1 varnish, 1.1 varnish
age: 49990
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 3, 3
accept-ranges: bytes
x-timer: S1576071858.679553,VS0,VE0
access-control-allow-origin: *
content-length: 12928
x-served-by: cache-sjc3140-SJC, cache-fra19164-FRA

GET
H2 200 bleeping-computerlogo-lg.png
www.bleepstatic.com/logos/ 7 KB
7 KB 17ms
16ms Image
image/webp 104.26.13.6
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/logos/bleeping-computerlogo-lg.png
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a56e644a617b2d1e4e7d808dfc334a7ea8622979f22999dc9eccd21c61958b3

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
cf-cache-status: HIT
age: 1767315
cf-polished: origFmt=png, origSize=15281
status: 200
content-disposition: inline; filename="bleeping-computerlogo-lg.webp"
cf-bgj: imgq:85
content-length: 7156
last-modified: Wed, 07 Jan 2015 22:52:15 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 5437e4768ef78c74-VIE
expires: Sat, 21 Dec 2019 02:49:01 GMT

GET
H2 200 0_th_1.jpg
i.connatix.com/s3/connatix-videos/af391ba1-47b0-4ff1-87cb-08a6df11845f/ Frame 3B60 23 KB
23 KB 11ms
10ms Image
image/jpeg 151.101.14.217
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.connatix.com/s3/connatix-videos/af391ba1-47b0-4ff1-87cb-08a6df11845f/0_th_1.jpg
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.217 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: c3034d0370c5faa09e7a8d7b0c48925afa0371cf17e4827dde23059f56019dae

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
via: 1.1 varnish, 1.1 varnish
age: 15220893
x-cache: HIT, HIT
content-type: image/jpeg
status: 200
cache-control: max-age=31557600
x-cache-hits: 1, 5
accept-ranges: bytes
x-timer: S1576071858.687257,VS0,VE0
access-control-allow-origin: *
content-length: 23507
x-served-by: cache-sjc3144-SJC, cache-fra19164-FRA

GET
H/1.1

200
OK

p2
sb.scorecardresearch.com/ Frame 3B60
Redirect Chain

https://sb.scorecardresearch.com/p?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1576071857711&ns_st_ec=1&ns_st_sp=1&ns...
https://sb.scorecardresearch.com/p2?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1576071857711&ns_st_ec=1&ns_st_sp=1&n...

43 B
309 B

7ms
7ms

Image
image/gif

23.11.238.95
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p2?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1576071857711&ns_st_ec=1&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=play&ns_st_po=0&ns_st_cl=30000&ns_st_pb=1&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=v_639404&ns_st_pt=0&ns_st_dpt=0&ns_st_ipt=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_pa=0&ns_ts=1576071857712&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_lt=1&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=0&ns_st_dpc=0&ns_st_pp=0&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Connatix&ns_st_ti=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&c8=&c9=&cs_ucfr=0
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.11.238.95 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-11-238-95.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:17 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://sb.scorecardresearch.com/p2?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1576071857711&ns_st_ec=1&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=play&ns_st_po=0&ns_st_cl=30000&ns_st_pb=1&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=v_639404&ns_st_pt=0&ns_st_dpt=0&ns_st_ipt=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_pa=0&ns_ts=1576071857712&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_lt=1&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=0&ns_st_dpc=0&ns_st_pp=0&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Connatix&ns_st_ti=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&c8=&c9=&cs_ucfr=0
Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:17 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK g Show response
rtb.connatix.com/ 136 B
324 B 378ms
118ms Script
text/plain 54.164.73.180
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.connatix.com/g?c_pw=834&c_ph=470&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&c_ivt=0&connatix_sess=tB2HbHO5_1HLgzr9_S77V8oJYNkZiKUdD0hYR5BG-k1wzGWl_YYVB8ZzbWdFJF5yDKSbR5O3-xQJPe5KexLeXqpgo_TMe-LYIvYcuWSX7wkdp5Oyh_nvV9cUP4epnJD1dJo0BIVxbfltfuP9d9vdatIB_qynTDevRkFXmMHwAXH2eDXZoyCNf2JfpyvuwHT_&notServed=false&xplr=false&c_s=false&c_pl=IOvff_K_d8Vn0kbPryZjEt6R39yPQPpBT3Ky9DI8Kmtfd_7Ib4WNq2nzXFFbIiMa1VwfQIl0rGIDWHfWeQRhJ0tSTfYS5fOdvDU7G4KoFRQHfS08DkdESoULt7lUW5QAWmYxiLVDLs2Tz-ZMaGxxpW_N17fGFj4M5Lj6B7IBm9z7h945vsa2Qj08JCNxHWczJXaqOoVhjZJ6zn-bjNQPvTvr5ODZkOwnBThcyccA0Jk&gdpr=1&med_id=639404&req_no=1&v=2&c_pt=1&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oau&c_v=1823_0_0_0_0&spp=1&callback=cnxJSONP_35a4f2ee9e7ad1232a8a1576071857717
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1823/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.164.73.180 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-164-73-180.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: 1a478c5f649d48a89ad8a93f13780a7c7ef0718eb6615a2d28dc2d7d221e2f9e

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 11 Dec 2019 13:44:18 GMT
Content-Encoding: gzip
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 136

GET
H/1.1 200
OK cookie Show response
d.pub.network/ 36 B
527 B 648ms
113ms XHR
text/plain 35.188.71.214
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/cookie
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: ae19bcc931e28e62bdc6147727dd320df7e008ef8819f4a837f65a891ca34188

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 11 Dec 2019 13:44:18 GMT
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 51 KB
16 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:814::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

801f94e439e56ff65c1f08e9f76fafe23788cf2a442c45842f9aa60b613aa338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "363 / 475 of 1000 / last-modified: 1576004261"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15802
x-xss-protection: 0
expires: Wed, 11 Dec 2019 13:44:17 GMT

GET
H/1.1 200
OK gallery.js Show response
freestar-io.videoplayerhub.com/ 65 KB
19 KB 36ms
8ms Script
application/javascript 143.204.101.32
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-io.videoplayerhub.com/gallery.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.32 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-101-32.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e17e6a39ec121fc90dae6efd59c254d9f2aa9f888d09078aafb3f6d2594d0700

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: uFlv_uXfnkvE._dkm6HFK0pfalFrj8XM
Content-Encoding: gzip
Last-Modified: Tue, 10 Dec 2019 19:13:32 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA50-C1
Date: Wed, 11 Dec 2019 13:44:17 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 baaf38f0a0d54e4834bf934fa5189ceb.cloudfront.net (CloudFront)
Transfer-Encoding: chunked
Connection: keep-alive
X-Amz-Cf-Id: S35DU1BHYV7MYHR7oA3YDWUYSF4pIqw_XoLL8b94bNSheNj8M6bfKg==

GET
H2 200 prebid-analytics-2.36.5.js Show response
a.pub.network/core/ 388 KB
115 KB 175ms
174ms Script
text/html 2606:4700:20::681a:8b
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb3986a9d06585054dc84ba96f83b685c5a67527f4cdd2cdb4dfc75d49f5759f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: br
cf-cache-status: BYPASS
status: 200
x-guploader-uploadid: AEnB2UrM3awttXks4DpNZiHb3zM46hrnYI-QTq4pQqoaYpxirsJAiyMJCvfAuhy6Ohfb5UixSblE7WAOoWd9xymi1hCUsl50QQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
last-modified: Tue, 05 Nov 2019 17:37:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=EJ1yIw==, md5=e2KPF9QKTQj2iapaLVhLdw==
content-type: text/html
x-goog-generation: 1572975461697049
cache-control: private
x-goog-stored-content-length: 397332
cf-ray: 5437e477296759b8-VIE
expires: Thu, 10 Dec 2020 13:44:17 GMT

GET
H/1.1 200
OK location Show response
d.pub.network/ 25 B
344 B 460ms
113ms XHR
application/json 35.188.71.214
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/location
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 98f88d642acd9024773bf77b93f9546e3cd6fd8fa3d539d16f7b018e0cb513f2

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 11 Dec 2019 13:44:18 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H/1.1 200
OK r
trk.connatix.com/ Frame 3B60 0
162 B 352ms
88ms Image
text/plain 3.215.1.64
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trk.connatix.com/r?connatix_sess=tB2HbHO5_1HLgzr9_S77V8oJYNkZiKUdD0hYR5BG-k1wzGWl_YYVB8ZzbWdFJF5yDKSbR5O3-xQJPe5KexLeXqpgo_TMe-LYIvYcuWSX7wkdp5Oyh_nvV9cUP4epnJD1dJo0BIVxbfltfuP9d9vdatIB_qynTDevRkFXmMHwAXH2eDXZoyCNf2JfpyvuwHT_&videoID=639404&c_pl=IOvff_K_d8Vn0kbPryZjEt6R39yPQPpBT3Ky9DI8Kmtfd_7Ib4WNq2nzXFFbIiMa1VwfQIl0rGIDWHfWeQRhJ0tSTfYS5fOdvDU7G4KoFRQHfS08DkdESoULt7lUW5QAWmYxiLVDLs2Tz-ZMaGxxpW_N17fGFj4M5Lj6B7IBm9z7h945vsa2Qj08JCNxHWczJXaqOoVhjZJ6zn-bjNQPvTvr5ODZkOwnBThcyccA0Jk&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oau&c_v=1823_0_0_0_0&spp=1
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.215.1.64 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-215-1-64.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 11 Dec 2019 13:44:18 GMT
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK vwt
trk.connatix.com/ Frame 3B60 0
162 B 348ms
87ms Image
text/plain 3.215.1.64
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trk.connatix.com/vwt?id_cl=9e46d107d3c09b2df1ac1576071857641&c_vid=639404&c_pl=IOvff_K_d8Vn0kbPryZjEt6R39yPQPpBT3Ky9DI8Kmtfd_7Ib4WNq2nzXFFbIiMa1VwfQIl0rGIDWHfWeQRhJ0tSTfYS5fOdvDU7G4KoFRQHfS08DkdESoULt7lUW5QAWmYxiLVDLs2Tz-ZMaGxxpW_N17fGFj4M5Lj6B7IBm9z7h945vsa2Qj08JCNxHWczJXaqOoVhjZJ6zn-bjNQPvTvr5ODZkOwnBThcyccA0Jk&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oau&c_v=1823_0_0_0_0&spp=1
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.215.1.64 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-215-1-64.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 11 Dec 2019 13:44:18 GMT
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK vwt
trk.connatix.com/ Frame 3B60 0
162 B 349ms
88ms Image
text/plain 3.215.1.64
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trk.connatix.com/vwt?connatix_sess=tB2HbHO5_1HLgzr9_S77V8oJYNkZiKUdD0hYR5BG-k1wzGWl_YYVB8ZzbWdFJF5yDKSbR5O3-xQJPe5KexLeXqpgo_TMe-LYIvYcuWSX7wkdp5Oyh_nvV9cUP4epnJD1dJo0BIVxbfltfuP9d9vdatIB_qynTDevRkFXmMHwAXH2eDXZoyCNf2JfpyvuwHT_&c_vid=639404&c_pl=IOvff_K_d8Vn0kbPryZjEt6R39yPQPpBT3Ky9DI8Kmtfd_7Ib4WNq2nzXFFbIiMa1VwfQIl0rGIDWHfWeQRhJ0tSTfYS5fOdvDU7G4KoFRQHfS08DkdESoULt7lUW5QAWmYxiLVDLs2Tz-ZMaGxxpW_N17fGFj4M5Lj6B7IBm9z7h945vsa2Qj08JCNxHWczJXaqOoVhjZJ6zn-bjNQPvTvr5ODZkOwnBThcyccA0Jk&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oau&c_v=1823_0_0_0_0&spp=1
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.215.1.64 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-215-1-64.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 11 Dec 2019 13:44:18 GMT
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 0

GET
H2 200 / Show response
audit.quantcast.mgr.consensu.org/ 80 B
476 B 24ms
8ms XHR
text/html 13.224.196.64
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://audit.quantcast.mgr.consensu.org/?log=;1576071857843;BleepingComputer.com;https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D;;;;;p,off,false,,1,en,27,178,true,false,false;displayConsentUi:mandatory,
Requested by: Host: static.quantcast.mgr.consensu.org
URL: https://static.quantcast.mgr.consensu.org/v27/cmpui-popup.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.196.64 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-224-196-64.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com

Response headers

date: Wed, 11 Dec 2019 08:36:59 GMT
via: 1.1 c3b74c81fdcb7942211a6c721efa13fd.cloudfront.net (CloudFront)
vary: Origin
age: 18439
x-cache: Hit from cloudfront
status: 200
content-length: 80
last-modified: Mon, 11 Jun 2018 22:07:34 GMT
server: AmazonS3
etag: "0614149d8033903db5de46d6c184bbfd"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/html
access-control-allow-origin: *
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-amz-cf-id: fE56y7_u5VftmdNMFk5X6IrzWQTMkiEC68so4jxlqxD8Cm35X8icSA==

GET
H2 200 pubads_impl_2019120201.js Show response
securepubads.g.doubleclick.net/gpt/ 166 KB
61 KB 62ms
41ms Script
text/javascript 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

sffe /

Resource Hash

f93d1d7d700f850328abfcc87e394dfb26fe1183249925434f8870fba994bc96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 02 Dec 2019 14:08:04 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 62423
x-xss-protection: 0
expires: Wed, 11 Dec 2019 13:44:17 GMT

GET
H/1.1 200
OK config.js Show response
confiant-integrations.global.ssl.fastly.net/dvS98IKwDukcG6gPDYBBcCk9sKY/gpt_and_prebid/ 281 KB
60 KB 33ms
6ms Script
text/javascript 151.101.113.194
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/dvS98IKwDukcG6gPDYBBcCk9sKY/gpt_and_prebid/config.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.194 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f7a406daad03ab65ccbb5ca86093212c402b4eb09e13ca312033474acdf5fd59

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 13:44:17 GMT
Content-Encoding: gzip
Age: 2526
X-Cache: HIT
Connection: keep-alive
Content-Length: 60806
x-amz-id-2: 1xbYUq1qzNYqhYyGUITuUjNl6Ona3dmE8aCajnvBPEQhVgzpVVB+4BbbxfLmsuWFU6cVk5Wk1Tw=
X-Served-By: cache-hhn4063-HHN
Last-Modified: Wed, 11 Dec 2019 13:00:18 GMT
Server: AmazonS3
X-Timer: S1576071858.966215,VS0,VE0
ETag: "a306d15f9ddebd63a41d0da197407074"
x-amz-request-id: E9B2995EC8F5808C
Via: 1.1 varnish
Cache-Control: public, max-age=900, stale-while-revalidate=3600
Accept-Ranges: bytes
Content-Type: text/javascript
X-Cache-Hits: 48

GET
H/1.1 200
OK v2 Show response
d.pub.network/floors/ 2 KB
3 KB 575ms
117ms XHR
application/json 35.188.71.214
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/floors/v2?key=535desktop
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.188.71.214 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 214.71.188.35.bc.googleusercontent.com
Software: /
Resource Hash: 11f9cad4536f4a5fd7bdc1466ce10ee7f970a640e43b9d31a9b6cebbb5cb935c

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 11 Dec 2019 13:44:18 GMT
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Transfer-Encoding: chunked
Content-Type: application/json

GET
H/1.1 200
OK p
sb.scorecardresearch.com/ Frame 3B60 43 B
309 B 8ms
7ms Image
image/gif 23.11.238.95
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p?c1=2&c2=17958079&ns_ap_an=ConnatixWeb&ns_ap_bi=*null&ns_type=hidden&ns_st_sv=6.1.1.171219&ns_st_smv=5.8&ns_st_it=r&ns_st_id=1576071857711&ns_st_ec=2&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=pause&ns_st_po=235&ns_st_cl=30000&ns_st_mp=js_api&ns_st_mv=6.1.1.171219&ns_st_pn=1&ns_st_tp=0&ns_st_ci=v_639404&ns_st_pt=235&ns_st_dpt=235&ns_st_ipt=235&ns_st_et=235&ns_st_det=235&ns_st_upc=235&ns_st_dupc=235&ns_st_iupc=235&ns_st_upa=235&ns_st_dupa=235&ns_st_iupa=235&ns_st_lpc=235&ns_st_dlpc=235&ns_st_lpa=235&ns_st_dlpa=235&ns_st_pa=235&ns_ts=1576071857947&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=1&ns_st_dpc=1&ns_st_pp=1&ns_st_br=0&ns_st_rt=100&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=BleepingComputer%20Highlights%20Feed%20-%20Daily%20Highlights&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=Connatix&ns_st_ti=*null&c3=*null&c4=*null&c6=*null&c7=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&c8=&c9=&cs_ucfr=0
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.11.238.95 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-11-238-95.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:17 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK wrap.js Show response
confiant-integrations.global.ssl.fastly.net/prebid/201911261602/ 30 KB
12 KB 6ms
6ms Script
application/javascript 151.101.113.194
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://confiant-integrations.global.ssl.fastly.net/prebid/201911261602/wrap.js
Requested by: Host: confiant-integrations.global.ssl.fastly.net
URL: https://confiant-integrations.global.ssl.fastly.net/dvS98IKwDukcG6gPDYBBcCk9sKY/gpt_and_prebid/config.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.194 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8db624e21c35d3f1626601a61acb544d8dc307f820c325f945d4a2b60cb2c2eb

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 13:44:17 GMT
Content-Encoding: gzip
Age: 780
X-Cache: HIT
Connection: keep-alive
Content-Length: 11494
x-amz-id-2: +MmXd7I2qh9ftuh+IUtpjMNBmQsaYsvYI7hRtqEvVua62F21vaKoDApOaArSMmvY1h8aNU5kYy0=
X-Served-By: cache-hhn4063-HHN
Last-Modified: Tue, 26 Nov 2019 21:02:28 GMT
Server: AmazonS3
X-Timer: S1576071858.994599,VS0,VE0
ETag: "2c466e3e28fad37f3a2d6af83dcf47bf"
x-amz-request-id: 8136804A1BFAB3A6
Via: 1.1 varnish
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
X-Cache-Hits: 1549

GET
H2 200 beacon.js Show response
ad-delivery.net/ 1 KB
987 B 29ms
7ms Script
application/x-javascript 13.224.196.65
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ad-delivery.net/beacon.js
Requested by: Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.196.65 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-224-196-65.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Tue, 31 Jan 2017 15:06:54 GMT
server: AmazonS3
age: 1328
date: Wed, 11 Dec 2019 13:22:12 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: rLswtkIaKsbwkoONHx0DqwSbxa_K4ZNCwg1VMybe3fVj1M0kp5mpRg==
via: 1.1 f797fc0ae68a3abc35e081e46174c9f2.cloudfront.net (CloudFront)

GET
H2 200 48.008759e9efe1c1b693dd.js Show response
s7.addthis.com/static/ 281 B
486 B 9ms
9ms Script
application/javascript 2.21.36.164
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/48.008759e9efe1c1b693dd.js

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.21.36.164 , France, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a2-21-36-164.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

f8a52990bbe6892abb730d241570fbfbd2ff2fc707fdd3004c7dba6e843bbae3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 18 Sep 2019 14:16:17 GMT
server: nginx/1.15.8
etag: W/"5d823c31-119"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
date: Wed, 11 Dec 2019 13:44:18 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 246

GET
H2 200 / Show response
graph.facebook.com/ 308 B
414 B 58ms
44ms Script
text/javascript 2a03:2880:f01c:20e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_j8e60

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:20e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

0d7bc89dd915f55c4c3707f48417b2345427fbc24c1019a9b9a49f6b94d38ac3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
date: Wed, 11 Dec 2019 13:44:18 GMT
x-fb-rev: 1001526639
alt-svc: h3-24=":443"; ma=3600
content-length: 212
pragma: no-cache
x-fb-debug: 6R2Ual8IMJajOL4H9Rj11j+qVMKD7QTHiDX9JilvaPDntFMnXiSO+ESaIzOjsWF8Ib4t9PYanE8ZDclNrJE9dA==
x-fb-trace-id: HSOjCigEuhg
etag: "3bdf2017f838333d88314d924a6a39d5f8d86505"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AeCdaMt-5lJpBnRV7GmsJB2
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.11
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 info.json Show response
www.reddit.com/api/ 9 KB
2 KB 157ms
143ms Script
application/javascript 151.101.113.140
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F&jsonp=_ate.cbs.rcb_coby0

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

snooserv /

Resource Hash

7be78e59a895f3e0824eb4968f842cf3926c4734d752dd58097d0548b287a1e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 varnish
x-cache: MISS
status: 200
x-cache-hits: 0
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-length: 1918
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4065-HHN
x-moose: majestic
server: snooserv
x-timer: S1576071858.378183,VS0,VE137
x-frame-options: SAMEORIGIN
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible: IE=edge
accept-ranges: bytes
expires: -1

GET
H2 200 / Show response
graph.facebook.com/ 148 B
603 B 52ms
39ms Script
text/javascript 2a03:2880:f01c:20e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F&fields=og_object%7Bengagement%7D&callback=_ate.cbs.rcb_k4ro0

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:20e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

ad1219ce07f5abb6a580cd4b2b7e9e36f1446565ae59d78c44eb5ffe36857394

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
date: Wed, 11 Dec 2019 13:44:18 GMT
x-fb-rev: 1001526639
alt-svc: h3-24=":443"; ma=3600
content-length: 148
pragma: no-cache
x-fb-debug: NwFgJejF9VLtLfQUMqRkye0uVYnPf/npTdiJlrIygKDb2VSIuAjqjTR5cAtXovg704SnhLBPnWqHqmq4Dzf96Q==
x-fb-trace-id: ETDUqaEd9Hc
etag: "a2165cee01351ebf01beef7b30ba83431abf4fff"
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AU41fQ73ZIa31JjNWjyWomR
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.11
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 info.json Show response
www.reddit.com/api/ 126 B
260 B 233ms
220ms Script
application/javascript 151.101.113.140
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://www.reddit.com/api/info.json?url=http%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F&jsonp=_ate.cbs.rcb_2bwf0

Requested by

Host: s9.addthis.com
URL: https://s9.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

snooserv /

Resource Hash

5755b5964de3e4c7ae3e88dc348733174e5910724ba7ab2862974b75b7876018

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:18 GMT
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: MISS
status: 200
x-cache-hits: 0
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-length: 126
x-xss-protection: 1; mode=block
x-served-by: cache-hhn4065-HHN
x-moose: majestic
server: snooserv
x-timer: S1576071858.378145,VS0,VE215
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: X-Moose
cache-control: private, s-maxage=0, max-age=0, must-revalidate, no-store, max-age=0, must-revalidate
x-ua-compatible: IE=edge
accept-ranges: bytes
expires: -1

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
344 B 547ms
111ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: ae19bcc931e28e62bdc6147727dd320df7e008ef8819f4a837f65a891ca34188

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 11 Dec 2019 13:44:18 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H/1.1 200
OK jquery.color-2.1.2.min.js Show response
cluster-na.cdnjquery.com/color/ 92 B
356 B 361ms
88ms Script
text/javascript 3.222.69.96
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://cluster-na.cdnjquery.com/color/jquery.color-2.1.2.min.js?integrity=btjsonpcallback1576071858512&checksum=%7B%22cbc%22%3A0%2C%22st%22%3A2%2C%22au%22%3A%5B%5D%2C%22hau%22%3A%5B%5D%2C%22ref%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D%22%2C%22aa%22%3A3%2C%22pgid%22%3A%2253d8d129-1c1c-11ea-8580-0752911904a5%22%2C%22v%22%3A1%2C%22format%22%3A%22jsonp%22%7D&o=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&csVersion=1.21.5&clearThroughOptions=undefined

Requested by

Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.222.69.96 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-3-222-69-96.compute-1.amazonaws.com

Software

nginx/1.12.1 /

Resource Hash

fb6b5dbf584b8797f1418b4a08dc775fae9a6925e29f849de60fdc3772668b40

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 11 Dec 2019 13:44:18 GMT
Content-Encoding: gzip
Server: nginx/1.12.1
ETag: W/"5c-bOjDQ4YDvvsA/REloq+NfqOAJ+4"
X-Frame-Options: DENY
Content-Type: text/javascript; charset=utf-8
Charset: utf8
Connection: keep-alive
Content-Length: 84

GET
H2 200 px.gif
ad-delivery.net/ 43 B
378 B 9ms
8ms Image
image/gif 13.224.196.65
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.0982185435025531
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.196.65 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-224-196-65.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 f797fc0ae68a3abc35e081e46174c9f2.cloudfront.net (CloudFront)
last-modified: Thu, 27 Jul 2017 18:59:05 GMT
server: AmazonS3
age: 65100
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
x-cache: Hit from cloudfront
content-type: image/gif
status: 200
date: Tue, 26 Nov 2019 19:38:49 GMT
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
content-length: 43
x-amz-cf-id: DiWLdZLQQDmlwq-Y6BAcNqK4_SkL6gzwP9PNWpJKGSFcEgX6nTbDoA==

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 719 B
1 KB 76ms
44ms XHR
application/json 185.33.223.221
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.221 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

316.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

754b47d9024a3f0c2fab9b51b55aa24b38d41725d153c436c2d90d5bfc286798

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 11 Dec 2019 13:44:21 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 316.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.176:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 629a157b-1595-44d8-9480-f82edcd296ce
Server: nginx/1.13.4
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 204 v1 Show response
dmx.districtm.io/b/ 0
458 B 36ms
18ms XHR
text/plain 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Access-Control-Request-Method: POST
Origin: https://www.bleepingcomputer.com
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

date: Wed, 11 Dec 2019 13:44:19 GMT
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-origin: https://www.bleepingcomputer.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
status: 204
access-control-max-age: 14400
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 5437e4805f7364c7-FRA
access-control-allow-headers: origin, content-type

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 729 B
1 KB 63ms
32ms XHR
application/json 185.33.223.221
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.221 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

316.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

3b8dbe2dcbfef12c9fe61adb3ae7f0c550657f846dab86b13ffd1735dd34b0ee

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 11 Dec 2019 13:44:21 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 316.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.173:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 93022378-217f-455a-bb27-82f71757304a
Server: nginx/1.13.4
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
793 B 30ms
10ms XHR
application/json 18.194.120.191
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=2.36.0&referrer=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&tmax=1200

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.194.120.191 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-18-194-120-191.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 13:44:19 GMT
x-auction-status: 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 33ms
10ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=4875e4890ecffe1&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 31ms
8ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=wDH8n844o8J5LF7qDwHQ7sj5&bidId=4994e827348990a&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 32ms
9ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=5053e88b65c8abf&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 33ms
10ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=51fef43273e9fb6&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 33ms
10ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=wDH8n844o8J5LF7qDwHQ7sj5&bidId=5281d128599b8ff&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 33ms
10ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=53004a1cfede72c&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 41ms
8ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=DSthphoQqH66AkQXPDoXn74b&bidId=546ab493d65fcf7&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 44ms
10ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Y2PwNBba8FyKXESSc72DFF25&bidId=55b26865b12dbff&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 43ms
9ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&bidId=5605c4e7ba30fb3&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 42ms
8ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=DSthphoQqH66AkQXPDoXn74b&bidId=5793f91048ab932&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 43ms
9ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Y2PwNBba8FyKXESSc72DFF25&bidId=5835adb6295f6e5&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 42ms
9ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&bidId=59a6a801ca0ae34&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 48ms
7ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=60ee12aafa2ea96&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 50ms
9ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Ggh1aXSgpQAvBpkxoyAsBJPd&bidId=6119f3eaa292cbe&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 49ms
8ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=DSthphoQqH66AkQXPDoXn74b&bidId=62e2629c2b074f&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 51ms
9ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Y2PwNBba8FyKXESSc72DFF25&bidId=638c6104efe01f2&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 50ms
8ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=Kwm6ycRx3Uk3CYRoM3xEqtjr&bidId=641f6cdee2dee2&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 25 B
914 B 343ms
312ms XHR
application/json 95.100.197.53
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%226577f895c9ea0c8%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2266b446c5b9a5758%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22id%22%3A%2267518d752466894%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22id%22%3A%22683827c9bbd817a%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22id%22%3A%2269f6dbef3ee2cef%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22id%22%3A%22705d182127c8c1c%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22id%22%3A%227177eb23b85170a%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%7D%2C%7B%22id%22%3A%2272cad895c057047%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%2273d63434d60fb8%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%7D%2C%7B%22id%22%3A%227454742291311b8%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%2275b3a95e63d2122%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%7D%2C%7B%22id%22%3A%2276e2cb2c0a2c467%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22id%22%3A%2277f871ed52276f6%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x250%22%7D%7D%2C%7B%22id%22%3A%2278f87bebc5824ff%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22300x600%22%7D%7D%5D%2C%22site%22%3A%7B%22ref%22%3A%22http%3A%2F%2Finfo.bettercloud.com%2FjbHZ0C3aK00fH0AeY1S0n00%22%2C%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.197.53 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-197-53.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: cf9f183ea7ccafe9bc60901fdb82d3b33e190c5344704021a1103d21409d40e9

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:19 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 45
Expires: Wed, 11 Dec 2019 13:44:19 GMT

POST
H2 200 translator Show response
hbopenbid.pubmatic.com/ 65 KB
66 KB 143ms
113ms XHR
application/json 185.64.189.112
PubMatic

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software: /
Resource Hash: 3751f364a5919eebc891214dc84fc296d0d4fb0469407fdceaa5fd45ab211b49

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 200
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
x-openrtb-version: 2.3
access-control-allow-credentials: true
date: Wed, 11 Dec 2019 13:44:19 GMT
content-type: application/json

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 259 B
2 KB 93ms
62ms XHR
application/json 69.173.144.140
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&tk_flint=pbjs_lite_v2.36.0&x_source.tid=acf68298-5b81-40b4-b696-a7a6ea36bbc8&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.4509970770604752
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 629f4758d1701315fb09e687058c937c97b5c2a45654173e16e96ccd424f8604

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:19 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=195
Content-Length: 259
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 259 B
2 KB 111ms
78ms XHR
application/json 69.173.144.140
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&tk_flint=pbjs_lite_v2.36.0&x_source.tid=e96cd8cc-0587-4c6f-8e1a-3ec2f89a95b0&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7306221062117988
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: e4ab7a4682406adf2cb05b60d48f1ff7dcd2c86ed838445862cf6ea53456b585

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:19 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=175
Content-Length: 259
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 257 B
2 KB 114ms
81ms XHR
application/json 69.173.144.140
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&tk_flint=pbjs_lite_v2.36.0&x_source.tid=334383b3-0886-49fa-9156-df2f0e3eeab7&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.4723503219812595
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 3997e0d9be8f59a4a38b28fcf2fecde1ede60420cb7ab7ae28d2e378de3ddf04

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:19 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=457
Content-Length: 257
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 257 B
2 KB 122ms
89ms XHR
application/json 69.173.144.140
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&tk_flint=pbjs_lite_v2.36.0&x_source.tid=d41613c3-9bd5-4103-b4e5-acb22409cdee&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.124098045819649
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 11e0d7b2584273c3b1135243d24c0952bb4d964a164d343f9cd190098030f2fa

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:19 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=133
Content-Length: 257
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 236 B
2 KB 106ms
73ms XHR
application/json 69.173.144.140
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&tk_flint=pbjs_lite_v2.36.0&x_source.tid=320cfec3-bfb2-4168-a2f5-5e8c8f6de486&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.2965851038500422
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 0edfae1fdacd0b79a1ced01146fbd883293bc86750bdc97bb8f247c85a7b8545

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:19 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=276
Content-Length: 236
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 257 B
2 KB 115ms
77ms XHR
application/json 69.173.144.140
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=15&alt_size_ids=10&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&tk_flint=pbjs_lite_v2.36.0&x_source.tid=c46a176e-b524-462e-a4ca-65d1e3784fc3&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.2266434944113429
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: caf65d9a0c255ed442f4a5684941a2cb5098d62879c961559a65fbdc24796ed8

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:19 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=198
Content-Length: 257
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 208 KB
40 KB 892ms
892ms XHR
text/plain 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=381247132831838&correlator=3882748004113971&output=ldjh&impl=fifs&adsid=NT&eid=21065167&vrg=2019120201&guci=1.2.0.0.2.2.0.0&plat=1%3A536903688%2C2%3A553680904%2C8%3A134250504&sc=1&sfv=1-0-37&ecs=20191211&iu_parts=15184186%2Cbleepingcomputer_728x90_970x90_970x250_320x50_ATF%2Cbleepingcomputer_728x90_970x90_970x250_320x50_BTF%2Cbleepingcomputer_300x250_300x600_160x600_Right_1%2Cbleepingcomputer_300x250_300x600_160x600_Right_2%2Cbleepingcomputer_728x90_320x50_InContent_1%2Cbleepingcomputer_1x1%2Cbleepingcomputer_300x250_300x600_160x600_Right_3&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7&prev_iu_szs=728x90%7C970x90%7C970x250%2C728x90%7C970x90%7C970x250%2C300x250%7C300x600%2C300x250%7C300x600%2C728x90%2C1x1%2C300x250%7C300x600&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1575991265&dt=1576071859253&dlt=1576071856983&idt=945&frm=20&biw=1600&bih=1200&oid=3&adxs=436%2C436%2C1082%2C1082%2C268%2C800%2C1082&adys=146%2C7680%2C327%2C1136%2C6249%2C8186%2C1661&adks=960084856%2C976516616%2C771041174%2C2389526111%2C4047242158%2C2635258439%2C523518761&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7&ifi=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&ref=http%3A%2F%2Finfo.bettercloud.com%2FjbHZ0C3aK00fH0AeY1S0n00&dssz=57&icsg=2251799983562752&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1170x120%7C1200x90%7C306x250%7C306x250%7C834x90%7C1600x8187%7C306x250&msz=1170x90%7C1170x90%7C306x250%7C306x250%7C834x90%7C1600x1%7C306x250&ga_vid=1841999065.1576071857&ga_sid=1576071857&ga_hid=1522108492&fws=4%2C4%2C4%2C4%2C4%2C4%2C516&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

7af7ce20b3bb355321409e48397c0ebf467b64dbd45d1eb7fa71fabcc2e82c75

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12182185589746292078/Index_300x600.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12182185589746292078/Index_300x600.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIrLxZrdreYCFQmrdwodNx0GIw&gqi=&layout=/sadbundle/%24csp%253Der3%24/12182185589746292078/Index_300x600.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12182185589746292078/Index_300x600.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/12182185589746292078/Index_300x600.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIrLxZrdreYCFQmrdwodNx0GIw&gqi=&layout=/sadbundle/%24csp%253Der3%24/12182185589746292078/Index_300x600.html
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2
google-creative-id: -2,-2,-1,-1,-1,138254592126,-1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 39799
x-xss-protection: 0
google-lineitem-id: -2,-2,-1,-1,-1,4893662829,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
date: Wed, 11 Dec 2019 13:44:20 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl_rendering_2019120201.js Show response
securepubads.g.doubleclick.net/gpt/ 64 KB
24 KB 40ms
39ms Script
text/javascript 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

sffe /

Resource Hash

1008ae8c93c140845bf5bfa6d0c6e0a048ff8906a4fa0081196fd99f1613f65a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 02 Dec 2019 14:08:04 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 24817
x-xss-protection: 0
expires: Wed, 11 Dec 2019 13:44:19 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 27ms
7ms Other
text/html 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
436 B 37ms
19ms XHR
text/plain 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 11 Dec 2019 13:44:19 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 5437e480aed9d6b5-FRA
access-control-allow-headers: origin, content-type

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
527 B 111ms
110ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: fdadf601a8b1e2e019ee78f618352c4f7428b095f1cd2a0a6a8be87b362006d2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 11 Dec 2019 13:44:19 GMT
Access-Control-Allow-Credentials: true
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 26 B
915 B 118ms
118ms XHR
application/json 95.100.197.53
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%221091b7ae7eef0881%22%2C%22imp%22%3A%5B%7B%22id%22%3A%22110f120138ce6d11%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22id%22%3A%221114898b34584646%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22id%22%3A%221123633f11f161a3%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%7D%5D%2C%22site%22%3A%7B%22ref%22%3A%22http%3A%2F%2Finfo.bettercloud.com%2FjbHZ0C3aK00fH0AeY1S0n00%22%2C%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.197.53 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-197-53.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 4e4875bfa349c5df0caf5e9bfe919345ac2b8bb00dca6794516e499aaf89e9e9

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:20 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 46
Expires: Wed, 11 Dec 2019 13:44:20 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 259 B
2 KB 78ms
78ms XHR
application/json 69.173.144.140
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&tk_flint=pbjs_lite_v2.36.0&x_source.tid=34ebf169-0655-45c7-8abb-fbf552f3b54c&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.3753291523669571
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 80b8659c8eee1333870061b8657a385cf821032b276f18ff97ac282d4ef5962f

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:20 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=303
Content-Length: 259
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 30ms
30ms XHR
application/json 185.33.223.221
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.221 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

316.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

79f1c7d34175bb228a52bf97c328c5327893acc1eaa41b3d8a40a5c1bae59984

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:22 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 316.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.180:80
AN-X-Request-Uuid: 90b2ed51-8356-4dc6-afa6-c448a1e7fe2f
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
521 B 7ms
7ms XHR
application/json 18.194.120.191
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.194.120.191 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-18-194-120-191.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 13:44:20 GMT
x-auction-status: 12, 12, 12, 12
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

OPTIONS
H2 204 v1 Show response
dmx.districtm.io/b/ 0
158 B 17ms
17ms XHR
text/plain 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Access-Control-Request-Method: POST
Origin: https://www.bleepingcomputer.com
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

date: Wed, 11 Dec 2019 13:44:20 GMT
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-origin: https://www.bleepingcomputer.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
status: 204
access-control-max-age: 14400
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 5437e4861c1a64c7-FRA
access-control-allow-headers: origin, content-type

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
66 B 94ms
94ms XHR
text/plain 185.64.189.112
PubMatic

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 11 Dec 2019 13:44:20 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 8ms
8ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=12983d44f1b3f37&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 8ms
8ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=wDH8n844o8J5LF7qDwHQ7sj5&bidId=130c446372cebc3f&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 9ms
8ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=13111d8d4ac951ec&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 24ms
24ms XHR
application/json 185.33.223.221
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.221 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

316.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

d394ac2b72c9d9689fd63e0344482578cceabe9bcf6556a972598221d41122de

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:22 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 316.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.174:80
AN-X-Request-Uuid: a3a8c70c-95ee-4011-87e4-71fd3b5a4d5d
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame E322 0
0 7ms
6ms Document
text/html 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

status: 200
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
timing-allow-origin: *
content-length: 2973
date: Wed, 11 Dec 2019 13:16:58 GMT
expires: Thu, 10 Dec 2020 13:16:58 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1642
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/011911070201440/ 20 KB
7 KB 62ms
30ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

866a1264b956a58da8e640a6191453d62f20d8676f63f193d2786318f83f6422

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 1401
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7132
x-xss-protection: 0
server: sffe
date: Wed, 11 Dec 2019 13:20:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "796f98bb73f13f89"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 13:20:59 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011911070201440/ Frame C56D 200 KB
54 KB 45ms
13ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

7a52d4e3f541e459f9069f6f596242684704eeaca5a95f05285d16e2e609927d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3521
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 55611
x-xss-protection: 0
server: sffe
date: Wed, 11 Dec 2019 12:45:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d3c4309c2c9fce1d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 12:45:39 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011911070201440/v0/ Frame C56D 15 KB
6 KB 61ms
30ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

f6b7ba3cc9a8177d62950984426ff73450f229d389c449b0631392be2f5b5b61

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3586
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5592
x-xss-protection: 0
server: sffe
date: Wed, 11 Dec 2019 12:44:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9ac5c138bfec1b90"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 12:44:34 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011911070201440/v0/ Frame C56D 151 KB
40 KB 59ms
28ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e4ad56bd91f08203b208a3db86c463c7952fad443a239de6454c73b7ce669657

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3608
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 41358
x-xss-protection: 0
server: sffe
date: Wed, 11 Dec 2019 12:44:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ed96f4a845755c74"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 12:44:12 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011911070201440/v0/ Frame C56D 3 KB
1 KB 58ms
28ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

3c10cb1ddf712f08a5082f5759b9496c250d195a9e6746e2ab0088b52775b21e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 71220
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1402
x-xss-protection: 0
server: sffe
date: Tue, 10 Dec 2019 17:57:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "49ed1549bef9ee2d"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Dec 2020 17:57:20 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011911070201440/v0/ Frame C56D 44 KB
14 KB 52ms
21ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

71dae7cc7766c98bdc4b766789af22fe0442d58aced342736f044ec12aaba058

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3607
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14180
x-xss-protection: 0
server: sffe
date: Wed, 11 Dec 2019 12:44:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "15a9b640489a7720"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 12:44:13 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame C56D 4 KB
677 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:824::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

efe95cb2cc312e0132b0ce914c642ecee0534223df3f1d47579cdabe6cc070cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 11 Dec 2019 13:44:20 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 11 Dec 2019 13:44:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 11 Dec 2019 13:44:20 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame C56D 4 KB
631 B 18ms
18ms Stylesheet
text/css 2a00:1450:4001:824::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

efe95cb2cc312e0132b0ce914c642ecee0534223df3f1d47579cdabe6cc070cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 11 Dec 2019 13:44:20 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 11 Dec 2019 13:44:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 11 Dec 2019 13:44:20 GMT

GET
DATA 200
OK truncated
/ Frame C56D 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a2c374a42747c249c054d814e461ebdb0b805cb6df31b8ede3999216ad27f8d

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011911070201440/ Frame 6A13 200 KB
55 KB 30ms
5ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

7a52d4e3f541e459f9069f6f596242684704eeaca5a95f05285d16e2e609927d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3521
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 55611
x-xss-protection: 0
server: sffe
date: Wed, 11 Dec 2019 12:45:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d3c4309c2c9fce1d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 12:45:39 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011911070201440/v0/ Frame 6A13 15 KB
6 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

f6b7ba3cc9a8177d62950984426ff73450f229d389c449b0631392be2f5b5b61

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3586
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5592
x-xss-protection: 0
server: sffe
date: Wed, 11 Dec 2019 12:44:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9ac5c138bfec1b90"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 12:44:34 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011911070201440/v0/ Frame 6A13 151 KB
41 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e4ad56bd91f08203b208a3db86c463c7952fad443a239de6454c73b7ce669657

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3608
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 41358
x-xss-protection: 0
server: sffe
date: Wed, 11 Dec 2019 12:44:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ed96f4a845755c74"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 12:44:12 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011911070201440/v0/ Frame 6A13 3 KB
1 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

3c10cb1ddf712f08a5082f5759b9496c250d195a9e6746e2ab0088b52775b21e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 71220
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1402
x-xss-protection: 0
server: sffe
date: Tue, 10 Dec 2019 17:57:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "49ed1549bef9ee2d"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Dec 2020 17:57:20 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011911070201440/v0/ Frame 6A13 44 KB
14 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

71dae7cc7766c98bdc4b766789af22fe0442d58aced342736f044ec12aaba058

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3607
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14180
x-xss-protection: 0
server: sffe
date: Wed, 11 Dec 2019 12:44:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "15a9b640489a7720"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 12:44:13 GMT

GET
DATA 200
OK truncated
/ Frame 6A13 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e01ca8abcf25a2b6ef4ad3eac61fdc947cd88abca214b83861e53dd0256cf75d

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame BC73 0
0 23ms
23ms Fetch
image/gif 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvt5U_UebcU-B9M7ox7AGs_AIVXnbss-6uazO8d29kCNn4_d-1VpV1UHQ6BUgcYvw7gtY_BK4Z5FwnLW6MtPKl_pqG-2aZops-nSknH11ZW04lzvShDqWd_O5gav6Ly28mnAmS3b0fuIL1s1M9RWP6tDB6AWFnQuSFF_-T6okl34cY1a-iH9BjgE8EUh86Nm98L0AC2FmAvBbOiYc6Y4iWrdWBY98orvuoD937EB7oL0SIHl6aScoJbR95OdbuDgsbYAguAKcPtFC00SGA6i93lZGbgSYQXnLuB&sig=Cg0ArKJSzErx4pQhySNoEAE&urlfix=1&adurl=

Requested by

Host: info.bettercloud.com
URL: http://info.bettercloud.com/jbHZ0C3aK00fH0AeY1S0n00

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Dec 2019 13:44:20 GMT
x-content-type-options: nosniff
server: cafe
status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 osd_listener.js Show response
www.googletagservices.com/activeview/js/current/ Frame BC73 77 KB
29 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:814::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 11 Dec 2019 13:44:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1575654529893506"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 29272
x-xss-protection: 0
expires: Wed, 11 Dec 2019 13:44:20 GMT

GET
H2 200 amp4ads-v0.js Show response
cdn.ampproject.org/rtv/011911070201440/ Frame 7582 200 KB
54 KB 41ms
30ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

7a52d4e3f541e459f9069f6f596242684704eeaca5a95f05285d16e2e609927d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3521
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 55611
x-xss-protection: 0
server: sffe
date: Wed, 11 Dec 2019 12:45:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d3c4309c2c9fce1d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 12:45:39 GMT

GET
H2 200 amp-ad-exit-0.1.js Show response
cdn.ampproject.org/rtv/011911070201440/v0/ Frame 7582 15 KB
6 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/v0/amp-ad-exit-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

f6b7ba3cc9a8177d62950984426ff73450f229d389c449b0631392be2f5b5b61

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3586
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 5592
x-xss-protection: 0
server: sffe
date: Wed, 11 Dec 2019 12:44:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9ac5c138bfec1b90"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 12:44:34 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/rtv/011911070201440/v0/ Frame 7582 151 KB
40 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/v0/amp-analytics-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e4ad56bd91f08203b208a3db86c463c7952fad443a239de6454c73b7ce669657

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3608
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 41358
x-xss-protection: 0
server: sffe
date: Wed, 11 Dec 2019 12:44:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ed96f4a845755c74"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 12:44:12 GMT

GET
H2 200 amp-fit-text-0.1.js Show response
cdn.ampproject.org/rtv/011911070201440/v0/ Frame 7582 3 KB
1 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/v0/amp-fit-text-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

3c10cb1ddf712f08a5082f5759b9496c250d195a9e6746e2ab0088b52775b21e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 71220
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1402
x-xss-protection: 0
server: sffe
date: Tue, 10 Dec 2019 17:57:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "49ed1549bef9ee2d"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Dec 2020 17:57:20 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/rtv/011911070201440/v0/ Frame 7582 44 KB
14 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:824::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/011911070201440/v0/amp-form-0.1.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

71dae7cc7766c98bdc4b766789af22fe0442d58aced342736f044ec12aaba058

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 3607
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 14180
x-xss-protection: 0
server: sffe
date: Wed, 11 Dec 2019 12:44:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "15a9b640489a7720"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Dec 2020 12:44:13 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 7582 4 KB
631 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:824::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

efe95cb2cc312e0132b0ce914c642ecee0534223df3f1d47579cdabe6cc070cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 11 Dec 2019 13:44:20 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 11 Dec 2019 13:44:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 11 Dec 2019 13:44:20 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 7582 4 KB
631 B 27ms
27ms Stylesheet
text/css 2a00:1450:4001:824::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

efe95cb2cc312e0132b0ce914c642ecee0534223df3f1d47579cdabe6cc070cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 11 Dec 2019 13:44:20 GMT
server: ESF
access-control-allow-origin: *
date: Wed, 11 Dec 2019 13:44:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Wed, 11 Dec 2019 13:44:20 GMT

GET
DATA 200
OK truncated
/ Frame 7582 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cc895d4e6adc4fe512e7fb18dbd9df9c8688b5d013060c4fb63342a185727815

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/3176937312141233685/ Frame C56D 16 KB
16 KB 8ms
6ms Image
image/jpeg 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3176937312141233685/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIrAIQnQEYASABLQAAAD8wrAI4nQFFAACAPw&rs=AOga4qmjMKlXn0_JDITo8EI_qJWUMmw_yQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

b474eaa106d18f05c5c16c290b7369399b3b942ff50e6afe59c151d7d836b753

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 21 Nov 2019 23:37:24 GMT
x-content-type-options: nosniff
last-modified: Wed, 16 Oct 2019 02:07:21 GMT
server: sffe
age: 1692416
content-type: image/jpeg
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 16754
x-xss-protection: 0
expires: Fri, 20 Nov 2020 23:37:24 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/8578129967820296872/ Frame C56D 5 KB
5 KB 7ms
6ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8578129967820296872/downsize_200k_v1?sqp=4sqPyQR5QncIABIUDc3MzD4VAAAAQB0AAAAAJQAAAAAYACIKDQAAgD8VAACAPypPCFoQAR0AALRCIAEoATAGOANAgMLXL0gAUABYAGBacAJ4AIABAIgBAJABAJ0BAACAP6ABAKgBALABgK3iBLgB____________AcUBLbKdPg&rs=AOga4qm5y3CelUOkKslL2rqGB5CLFSvb1A

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d2046a09db7667733b48b3ffc77f65b5b7cf9def2359078117770c9ced03ee15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 20 Nov 2019 11:43:10 GMT
x-content-type-options: nosniff
last-modified: Tue, 08 Jan 2019 00:33:08 GMT
server: sffe
age: 1821670
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 5350
x-xss-protection: 0
expires: Thu, 19 Nov 2020 11:43:10 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C56D 0
0 21ms
20ms Image
text/html 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CV7zls_LwXeenFonW3gO3upiYAsXZo8Javrq2_4EK6KjpyNwTEAEg2tfFOWCVAqAB0vjL4gPIAQbgAgCoAwHIAwqqBN8DT9CbNKlPVdfYMiKbdNrgXEtiglyFM043QHenOb6eEWk7zTGxCt0SuUkHMZoGLOrlkQzHZucsKvY45YZXVYrvDvN8kq2KJTRMqD99L8gJcQfsx3GEJrluoL2JJey0r_qRZvzMguxfKQcMexGjD7U_AUXQcjR7wS2lLa_Kd17esY1QrV-TR0kRJoDQ85xKhHcD22fqPEWjMuUfd1czswrAcb_J2m8IBIigu3CpktvkvfdTAugbkYGy0kdNjEdgd-8yoFDRbR5r7l2utf5rceafjviv0jj768qgx2o0VW4hP3EnLba_Bfb1fOwUo6NPkPNDjJ8tZzk5yKtbr98A-VGxWrkDkBYetCAgvzbbEmc_3FIGja0NiOtXktBg7_Bd6Pu2tVXsVuxu3J02Z9h9sVaDs1yb25EOLAbaKDEaz99-Tpt42_rQlAWPQBdAD1zretksMey8fs5xVaWLs6TVlKRdjzUuuTd7ZCsCWpM_ZQyucuW3LomQf_F95llGme-MqXVaQHmXTX2gcg1g3KocXFoR0dlkfygAigmefjDxwiIrVmWuF-6a-nmnreMdNlSyaDXOZKNPhN6fJ2xAiaKBPvCwCh_6b8sGKfJmQa7TfH5f3g62gHO3hC2tm65AYr0-eLbABN2XkfH6AeAEAaAGN4AHgYjWQ6gHjs4bqAfVyRuoB5PYG6gHugaoB_LZG6gHpr4bqAfs1RvYBwHyBwQQ4MMH0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi0xNzQyMjQ5NjAzMjg5MDgzgAoDyAsB2BMDiBQE&sigh=RXwuKQru-M8&template_id=492&tpd=AGWhJmt1kpUDyBuQTc66Y87izQihjPIT744YwIHGKOwFkBj2vw
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s46-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2

200

B22124189.255033225;dc_pre=CPCx_JrdreYCFRTJdwodcJsH2A;dc_trk_aid=450834180;dc_trk_cid=121092504;ord=4206177772;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/ Frame C56D
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.255033225;dc_trk_aid=450834180;dc_trk_cid=121092504;ord=4206177772;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.255033225;dc_pre=CPCx_JrdreYCFRTJdwodcJsH2A;dc_trk_aid=450834180;dc_trk_cid=121092504;ord=4206177772;dc_lat=;dc_rdid=;tag_for_ch...

42 B
120 B

28ms
27ms

Image
image/gif

172.217.22.6
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.255033225;dc_pre=CPCx_JrdreYCFRTJdwodcJsH2A;dc_trk_aid=450834180;dc_trk_cid=121092504;ord=4206177772;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.6 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s14-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 13:44:20 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 11 Dec 2019 13:44:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://ad.doubleclick.net/ddm/trackimp/N718679.3159GOOGLE/B22124189.255033225;dc_pre=CPCx_JrdreYCFRTJdwodcJsH2A;dc_trk_aid=450834180;dc_trk_cid=121092504;ord=4206177772;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame C56D 0
0 14ms
14ms Image
text/html 2a00:1450:4001:817::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTHwyfWJOEVhz2KVNtONdOKXodcmzpjMkIZHscdmHh4xG0-fibOmVFtyASsIbq3JuvxGT_bfTRAuNPWzQqzSt94FByI6A
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C56D 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Dec 2019 23:33:42 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 51038
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Wed, 11 Dec 2019 23:33:42 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C56D 295 B
357 B 11ms
6ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Dec 2019 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 57059
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Dec 2019 21:53:21 GMT

GET
H2 200 521094130518493715
tpc.googlesyndication.com/simgad/ Frame 6A13 19 KB
19 KB 10ms
9ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/521094130518493715?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnngNYMW2v3WEwO6ajaPDcx1bZdlQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

23b5c1b719d09a1ecaebcabfbfd56378d9431e37dac5e83f2be512d4e6ffad92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 20 Nov 2019 11:43:15 GMT
x-content-type-options: nosniff
last-modified: Sat, 12 Dec 2015 22:31:35 GMT
server: sffe
age: 1821665
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 19061
x-xss-protection: 0
expires: Thu, 19 Nov 2020 11:43:15 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 6A13 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Dec 2019 23:33:42 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 51038
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Wed, 11 Dec 2019 23:33:42 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 6A13 295 B
359 B 13ms
4ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Dec 2019 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 57059
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Dec 2019 21:53:21 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 6A13 0
0 25ms
17ms Image
text/html 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C2QkLs_LwXfSpFonW3gO3upiYAtrTqdJa_fKJ4qYIr6_0-N4OEAEg2tfFOWCVAqABrveZ0gPIAQKpAnqMj6oIXKk-4AIAqAMByAMIqgThA0_QNP7o4j8HlYL7kRxcFCMlpuQbbNXQG2aIYlHHQSdPlxk7h4KF2NybLngCEj2GZ2Qwqw_ikSQ7bvw7k6IUprgDCZMXmpHxWOa1uM8GHGxCEJHXiNE0f3KYm9TfiZIK4-yoNeGqvG_VFYk5gjl2RnMSToHuH2D5TbpEXVEnf2f0p1Kvhex8gOgEdqwdgBIa319XjzhNOByKED7OgxMe2Ykgvq-FuRwhkzDXxgkZzAchs53dOpD905rcXfMDgp4HtuAjFWWE-vMje4E24bzN3gKuKoaEAPKudzhGqINDBv0QCvtfjV8vWVyaWzoC6YB5E5Yw75NE3Rq8arM3QTr6F0oeBufg5ml4YfibYcDwIy467xvfQfIcJuwGmtrB-mrDRakS55Zvu6acS_S6nkFEyci_HhANtAmNly6f65W8k14SwRbTD7LFxdUzTPmRKGPFIXJfdnVW_dQmmRvB3IwwAnJ7vb4lktGAYENCaiTgHsowNtUsu0sCw4JCsMtG4mHOgPcL25XGgvNbtIfRAOAxbZpF8KBXrXObE8PcfmFG1ZPP5wj_lzfPJFN4naaF59NLtg6uASjumr-Mh8uqT7tdqmqHQdNrDEKeWRJ8d9ybJd-jlO4ge369SCIGrsO_7k9xD07ABJu6i9CAAuAEAZIFBAgEGAGSBQQIBRgEoAYCgAe6iOYtqAeOzhuoB9XJG6gHk9gbqAe6BqgH8tkbqAemvhuoB-zVG9gHAfIHBBDgmQ3SCAkIgOGAEBABGB3yCBthZHgtc3Vic3luLTE3NDIyNDk2MDMyODkwODOACgPICwHYEww&sigh=sglYB7Is1s4&tpd=AGWhJmuW6Q3W0LXh228nlR8a_7zt6_UJSEBG1T2Dm7JUqpACgw
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s46-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14155507193148450036/ Frame 7582 35 KB
35 KB 10ms
5ms Image
image/jpeg 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14155507193148450036/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIrAIQnQEYASABLQAAAD8wrAI4nQFFAACAPw&rs=AOga4qmLSIe2i9BtTCZV5XSJFjM-LHuc7w

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

a71a31aec78d0ae1323fa167b31dbae07edcbcfdf17ab3ca1846a11c228c31dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Dec 2019 07:48:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Nov 2019 11:13:33 GMT
server: sffe
age: 107761
content-type: image/jpeg
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 35689
x-xss-protection: 0
expires: Wed, 09 Dec 2020 07:48:19 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9531774676319628414/ Frame 7582 37 KB
37 KB 8ms
7ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9531774676319628414/downsize_200k_v1?sqp=4sqPyQSLAUKIAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-Mg8I2AQQ2AQYASABLQAAAD8&rs=AOga4qmknfp9jE9e4_LTbfOq4X7LdL95cw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

472091ecac69aca924adad5836979f0fd14e5e962b7012fd1df98d80caef03a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 25 Nov 2019 06:02:36 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 Jun 2019 11:15:08 GMT
server: sffe
age: 1410104
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 37865
x-xss-protection: 0
expires: Tue, 24 Nov 2020 06:02:36 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7582 0
0 23ms
17ms Image
text/html 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CjAI1s_LwXZ2sFonW3gO3upiYArqj-LVa9rHds7IKv87z_QgQASDa18U5YJUCoAG_25feAsgBBuACAKgDAcgDCqoE2ANP0GLIxw3bh3_gXjKGJ2csjJTYpeIMVCnuSdDsqcSEqvtf_rGfQr5igputhXtwM_ISf1xfyqqS9ZfOjw_xkpvYISsPLGbxwRqxPB3VpdPE9aJcVlzJyRiVicbso_RL4Hi-DQY4CxtX-q-Aw_gfhiRorj_EpDl0nuM6kiOImNQSN14DYWUfKAyYmuK-cczKJrHf-oSC-0_w6TlTsv8245N6s9NNluLVjFb99OCISV9leBOe9MmFTNQvZ8ZR4uQ8uA11d7ZbxpJq3r_8mT9aaTkQGaCW7_2LFRwdtDw9WXOQyoiUhzF7uSkY7u0lKFyG4Jc4fE3rYgNdZS4SfLR9NuJgro_sfKIfcfC1cq8FjFPCVtzJd41Y1LViv5KiLCIaxOtshamC_R7ZTi1jQbtfDsvLWbDtmKBfTW7WeapTgd7MSFHoHIX0-prry_nwkoEA9WG6CINPPacY2p0PqiOko6FqXJm4ta_4pKIwvUbLntfW0g-BFVHL6-5QrWEqqrmH-tILVGAPM7hUFMWEizTrXYqbQjQqsUuZUCyRJS65bt360lamRbMwzLtPckaQ45myfZ4pFKdk6m2gthxHiRqMDzcnE4ZTSmD_n7fbDy1mDaAXYU0hMyDuGP6HwAS7mp72tgLgBAGSBQQIBBgBkgUECAUYBKAGN4AHqaTooQGoB47OG6gH1ckbqAeT2BuoB7oGqAfy2RuoB6a-G6gH7NUb2AcB8gcEEJOlD9IICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tMTc0MjI0OTYwMzI4OTA4M4AKA8gLAdgTAg&sigh=tDtrodQ8U0M&template_id=492&tpd=AGWhJmtUQRnjUfJ6o34Pdp6JQt9lLpz6NxGDyAOB8_3mXwtyXA
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: fra15s46-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 204 l
www.google.com/ads/measurement/ Frame 7582 0
0 17ms
13ms Image
text/html 2a00:1450:4001:817::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSuMuh4sjXD0w7tSUvulPMED6dbgq8JI81Ws4HLCrmhQAc-wejaXtr8qR3IhOEb94RKNnU72Vjf-6xO_EjnM-cgMi-DdQ
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7582 2 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Dec 2019 23:33:42 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 51038
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Wed, 11 Dec 2019 23:33:42 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7582 295 B
401 B 8ms
7ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Dec 2019 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 57059
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Dec 2019 21:53:21 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
521 B 29ms
22ms XHR
application/json 18.194.120.191
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.194.120.191 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-18-194-120-191.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 11 Dec 2019 13:44:20 GMT
x-auction-status: 12, 12, 12, 12
status: 200
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 9ms
8ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=GrVComq83JzCSLK1pi9waoyR&bidId=1430121d8441f8a6&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 12ms
10ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=wDH8n844o8J5LF7qDwHQ7sj5&bidId=144ba5de06b90b3c&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 204
No Content v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
168 B 10ms
8ms XHR
text/plain 18.195.86.132
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1?placement_key=L7rKdgz52e7UZ4fMkwkYmaxf&bidId=145ecbe448f6f9f4&consent_required=false&instant_play_capable=true&hbSource=prebid&hbVersion=2.36.0&strVersion=3.1.0&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.86.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-86-132.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 259 B
2 KB 189ms
183ms XHR
application/json 69.173.144.140
The Rubicon Project

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1006006&size_id=2&alt_size_ids=55%2C57&rf=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&tk_flint=pbjs_lite_v2.36.0&x_source.tid=ca71fba0-7fdc-44b6-b010-1da10fea5613&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7676772415017339
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: RAS 2.4 /
Resource Hash: 103dc14e51cd840e1ed5186cfafaec363e524401976bb70c1fd2cbd700b6d102

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:20 GMT
Server: RAS 2.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=180
Content-Length: 259
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 40ms
36ms XHR
application/json 185.33.223.221
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.221 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

316.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

8a791f8ed5db4d28f7a99f70f9b51ceaeb4f422122d6db743e6f887b093d0737

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:22 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 316.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.141:80
AN-X-Request-Uuid: f69a3ce8-f61d-4625-b172-2fb92f2f1862
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 42ms
38ms XHR
application/json 185.33.223.221
AppNexus

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.221 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

316.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

546cd24fc4b21b7d43d957482fca198eee4c67b3da6b9a4c32659ff17e79787f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:22 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 316.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.149:80
AN-X-Request-Uuid: 569ccb3c-adde-41b2-a0ba-452703894c2a
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 204 v1 Show response
dmx.districtm.io/b/ 0
40 B 23ms
19ms XHR
text/plain 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Access-Control-Request-Method: POST
Origin: https://www.bleepingcomputer.com
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

date: Wed, 11 Dec 2019 13:44:20 GMT
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-origin: https://www.bleepingcomputer.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
status: 204
access-control-max-age: 14400
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 5437e4867c8564c7-FRA
access-control-allow-headers: origin, content-type

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
66 B 99ms
95ms XHR
text/plain 185.64.189.112
PubMatic

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Wed, 11 Dec 2019 13:44:20 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://www.bleepingcomputer.com

GET
H/1.1 200
OK cygnus Show response
as-sec.casalemedia.com/ 26 B
915 B 119ms
94ms XHR
application/json 95.100.197.53
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://as-sec.casalemedia.com/cygnus?s=393562&v=7.2&r=%7B%22id%22%3A%221583d867b673b5cf%22%2C%22imp%22%3A%5B%7B%22id%22%3A%2215970e9c43696b21%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22id%22%3A%2216001f028993f62c%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x90%22%7D%7D%2C%7B%22id%22%3A%22161bb11b19410cb6%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%2C%22ext%22%3A%7B%22siteID%22%3A%22393562%22%2C%22sid%22%3A%22970x250%22%7D%7D%5D%2C%22site%22%3A%7B%22ref%22%3A%22http%3A%2F%2Finfo.bettercloud.com%2FjbHZ0C3aK00fH0AeY1S0n00%22%2C%22page%22%3A%22https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%7D&ac=j&sd=1&
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.197.53 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-197-53.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 20faa0674d361cad592067256fd58f57264218b3fc716f719d6c2096eac5fb58

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 11 Dec 2019 13:44:20 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 46
Expires: Wed, 11 Dec 2019 13:44:20 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
158 B 19ms
18ms XHR
text/plain 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 11 Dec 2019 13:44:20 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 5437e486787dd6b5-FRA
access-control-allow-headers: origin, content-type

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame C56D 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:818::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin: https://www.bleepingcomputer.com

Response headers

date: Thu, 21 Nov 2019 15:36:21 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 1721279
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Fri, 20 Nov 2020 15:36:21 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame C56D 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:818::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin: https://www.bleepingcomputer.com

Response headers

date: Tue, 10 Dec 2019 05:00:17 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 117843
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Wed, 09 Dec 2020 05:00:17 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
39 B 16ms
16ms XHR
text/plain 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 11 Dec 2019 13:44:20 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 204
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.bleepingcomputer.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 5437e486d955d6b5-FRA
access-control-allow-headers: origin, content-type

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
344 B 110ms
110ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: fdadf601a8b1e2e019ee78f618352c4f7428b095f1cd2a0a6a8be87b362006d2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 11 Dec 2019 13:44:20 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 7582 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:818::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin: https://www.bleepingcomputer.com

Response headers

date: Thu, 21 Nov 2019 15:36:21 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 1721279
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Fri, 20 Nov 2020 15:36:21 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 7582 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:818::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Origin: https://www.bleepingcomputer.com

Response headers

date: Tue, 10 Dec 2019 05:00:17 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 117843
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Wed, 09 Dec 2020 05:00:17 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 314 B
216 B 210ms
210ms XHR
text/plain 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e165e96ff510ffa49533fe7c9ffde179d41aa349de0f59fe59d244df5a8e1304

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com

Response headers

date: Wed, 11 Dec 2019 13:44:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 127
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 6A13
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

14ms
14ms

Image
text/html

2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: www.bleepingcomputer.com
URL: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Wed, 11 Dec 2019 13:44:20 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame C56D
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

14ms
14ms

Image
text/html

2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Wed, 11 Dec 2019 13:44:20 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 7582
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

15ms
15ms

Image
text/html

2a00:1450:4001:806::2002
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Wed, 11 Dec 2019 13:44:20 GMT
x-content-type-options: nosniff
server: safe
location: https://googleads.g.doubleclick.net/pagead/drt/si
content-type: text/html; charset=UTF-8
status: 302
cache-control: private
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 246
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 314 B
206 B 225ms
224ms XHR
text/plain 172.217.16.130
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

dff610ab7842ac86c5578525dc703c36781119e6fc2262bfd1fee1ea600b42f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com

Response headers

date: Wed, 11 Dec 2019 13:44:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 129
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.bleepingcomputer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/3176937312141233685/ Frame C56D 16 KB
16 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

b474eaa106d18f05c5c16c290b7369399b3b942ff50e6afe59c151d7d836b753

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 21 Nov 2019 23:37:24 GMT
x-content-type-options: nosniff
last-modified: Wed, 16 Oct 2019 02:07:21 GMT
server: sffe
age: 1692416
content-type: image/jpeg
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 16754
x-xss-protection: 0
expires: Fri, 20 Nov 2020 23:37:24 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/8578129967820296872/ Frame C56D 5 KB
5 KB 7ms
7ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d2046a09db7667733b48b3ffc77f65b5b7cf9def2359078117770c9ced03ee15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 20 Nov 2019 11:43:10 GMT
x-content-type-options: nosniff
last-modified: Tue, 08 Jan 2019 00:33:08 GMT
server: sffe
age: 1821670
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 5350
x-xss-protection: 0
expires: Thu, 19 Nov 2020 11:43:10 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C56D 2 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Dec 2019 23:33:42 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 51038
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Wed, 11 Dec 2019 23:33:42 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame C56D 295 B
361 B 7ms
7ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Dec 2019 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 57059
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Dec 2019 21:53:21 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/14155507193148450036/ Frame 7582 35 KB
35 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

a71a31aec78d0ae1323fa167b31dbae07edcbcfdf17ab3ca1846a11c228c31dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Dec 2019 07:48:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Nov 2019 11:13:33 GMT
server: sffe
age: 107761
content-type: image/jpeg
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 35689
x-xss-protection: 0
expires: Wed, 09 Dec 2020 07:48:19 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/9531774676319628414/ Frame 7582 37 KB
37 KB 8ms
8ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

472091ecac69aca924adad5836979f0fd14e5e962b7012fd1df98d80caef03a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 25 Nov 2019 06:02:36 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 Jun 2019 11:15:08 GMT
server: sffe
age: 1410104
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 37865
x-xss-protection: 0
expires: Tue, 24 Nov 2020 06:02:36 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7582 2 KB
3 KB 8ms
8ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Dec 2019 23:33:42 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 51038
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Wed, 11 Dec 2019 23:33:42 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 7582 295 B
361 B 7ms
7ms Image
image/png 2a00:1450:4001:808::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bleepingcomputer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 10 Dec 2019 21:53:21 GMT
x-content-type-options: nosniff
content-type: image/png
server: cafe
age: 57059
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: public, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Wed, 11 Dec 2019 21:53:21 GMT

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
344 B 111ms
110ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: fdadf601a8b1e2e019ee78f618352c4f7428b095f1cd2a0a6a8be87b362006d2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 11 Dec 2019 13:44:20 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

POST
H/1.1 200
OK c Show response
c.pub.network/ 36 B
344 B 111ms
110ms XHR
text/plain 35.226.36.58
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/bleepingcomputer-com/pubfig.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.226.36.58 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 58.36.226.35.bc.googleusercontent.com
Software: /
Resource Hash: fdadf601a8b1e2e019ee78f618352c4f7428b095f1cd2a0a6a8be87b362006d2

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Origin: https://www.bleepingcomputer.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.bleepingcomputer.com
Date: Wed, 11 Dec 2019 13:44:21 GMT
Access-Control-Allow-Credentials: true
Content-Length: 36
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: text/plain;charset=utf-8

GET
H/1.1 200
OK Cookie set showad.js
ads.pubmatic.com/AdServer/js/ Frame FE21 0
0 44ms
12ms Document
text/html 95.100.196.250
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.196.250 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-196-250.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

Last-Modified: Tue, 12 Nov 2019 06:59:02 GMT
ETag: "13006b6-97cd-59720c88c16d1"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
Set-Cookie: KTPCACOOKIE=YES; domain=.pubmatic.com; path=/; max-age=7776000;
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14515
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=128273
Expires: Fri, 13 Dec 2019 01:22:18 GMT
Date: Wed, 11 Dec 2019 13:44:25 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

200

sync
eb2.3lift.com/ Frame F9B0
Redirect Chain

https://ib.3lift.com/sync?
https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

7ms
6ms

Document
text/html

52.57.98.188
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.98.188 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-57-98-188.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
accept-encoding: gzip, deflate, br
cookie: tluid=14909562121896446333
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

status: 200
date: Wed, 11 Dec 2019 13:44:25 GMT
content-type: text/html; charset=utf-8
content-length: 516
set-cookie: sync=CgoI4gEQt8rQqe8tCgoI5gEQt8rQqe8tCgkICRC3ytCp7y0KCgipARC3ytCp7y0KCQg5ELfK0KnvLQoJCDoQt8rQqe8tCgkICxC3ytCp7y0KCgjOARC3ytCp7y0KCgiOARC3ytCp7y0KCQgfELfK0KnvLQ==; Max-Age=7776000; Expires=Tue, 10 Mar 2020 13:44:25 GMT; Path=/sync; Domain=.3lift.com tluid=14909562121896446333; Max-Age=7776000; Expires=Tue, 10 Mar 2020 13:44:25 GMT; Path=/; Domain=.3lift.com
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Wed, 11 Dec 2019 13:44:25 GMT
content-length: 0
set-cookie: tluid=9766610189208984292; Max-Age=7776000; Expires=Tue, 10 Mar 2020 13:44:25 GMT; Path=/; Domain=.3lift.com
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame FB72 0
0 110ms
109ms Document
text/html 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

status: 200
date: Wed, 11 Dec 2019 13:44:25 GMT
content-type: text/html
set-cookie: __cfduid=d8d7c835d0ce79f33aca6525e5f916c591576071865; expires=Fri, 10-Jan-20 13:44:25 GMT; path=/; domain=.districtm.io; HttpOnly
cf-ray: 5437e4a7fb53d6b5-FRA
cache-control: s-maxage=1209600, max-age=14400
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H2

200

sync
eb2.3lift.com/ Frame E6AB
Redirect Chain

https://ib.3lift.com/sync?
https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

8ms
7ms

Document
text/html

52.57.98.188
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.98.188 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-57-98-188.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
accept-encoding: gzip, deflate, br
cookie: tluid=14909562121896446333
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

status: 200
date: Wed, 11 Dec 2019 13:44:25 GMT
content-type: text/html; charset=utf-8
content-length: 516
set-cookie: sync=CgoI4gEQtsrQqe8tCgoI5gEQtsrQqe8tCgkICRC2ytCp7y0KCgipARC2ytCp7y0KCQg5ELbK0KnvLQoJCDoQtsrQqe8tCgkICxC2ytCp7y0KCgjOARC2ytCp7y0KCgiOARC2ytCp7y0KCQgfELbK0KnvLQ==; Max-Age=7776000; Expires=Tue, 10 Mar 2020 13:44:25 GMT; Path=/sync; Domain=.3lift.com tluid=14909562121896446333; Max-Age=7776000; Expires=Tue, 10 Mar 2020 13:44:25 GMT; Path=/; Domain=.3lift.com
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Wed, 11 Dec 2019 13:44:25 GMT
content-length: 0
set-cookie: tluid=15490970810858315595; Max-Age=7776000; Expires=Tue, 10 Mar 2020 13:44:25 GMT; Path=/; Domain=.3lift.com
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame F31B 0
0 21ms
6ms Document
text/html 151.101.113.108
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Fastly-Debug-Digest: e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length: 506
Accept-Ranges: bytes
Date: Wed, 11 Dec 2019 13:44:25 GMT
Age: 10987349
Connection: keep-alive
X-Served-By: cache-jfk8123-JFK, cache-hhn4075-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 4739548
X-Timer: S1576071866.608764,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame ED69 0
0 154ms
154ms Document
text/html 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

status: 200
date: Wed, 11 Dec 2019 13:44:25 GMT
content-type: text/html
set-cookie: __cfduid=d8d7c835d0ce79f33aca6525e5f916c591576071865; expires=Fri, 10-Jan-20 13:44:25 GMT; path=/; domain=.districtm.io; HttpOnly
cf-ray: 5437e4a80b71d6b5-FRA
cache-control: s-maxage=1209600, max-age=14400
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 83C3 0
0 19ms
7ms Document
text/html 151.101.113.108
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Fastly-Debug-Digest: e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length: 506
Accept-Ranges: bytes
Date: Wed, 11 Dec 2019 13:44:25 GMT
Age: 10987349
Connection: keep-alive
X-Served-By: cache-jfk8123-JFK, cache-hhn4027-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 4802345
X-Timer: S1576071866.617390,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame 2AFA 0
0 18ms
6ms Document
text/html 151.101.113.108
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Fastly-Debug-Digest: e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length: 506
Accept-Ranges: bytes
Date: Wed, 11 Dec 2019 13:44:25 GMT
Age: 10987350
Connection: keep-alive
X-Served-By: cache-jfk8123-JFK, cache-hhn4065-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 4084351
X-Timer: S1576071866.616872,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame D4ED 0
0 24ms
7ms Document
text/html 23.37.55.184
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.55.184 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-37-55-184.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified: Mon, 09 Dec 2019 19:59:16 GMT
Content-Encoding: gzip
Content-Length: 7451
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=60098
Expires: Thu, 12 Dec 2019 06:26:03 GMT
Date: Wed, 11 Dec 2019 13:44:25 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK Cookie set showad.js
ads.pubmatic.com/AdServer/js/ Frame BC97 0
0 44ms
16ms Document
text/html 95.100.196.250
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.196.250 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-196-250.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

Last-Modified: Tue, 12 Nov 2019 06:59:02 GMT
ETag: "13006b6-97cd-59720c88c16d1"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
Set-Cookie: KTPCACOOKIE=YES; domain=.pubmatic.com; path=/; max-age=7776000;
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14515
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=128273
Expires: Fri, 13 Dec 2019 01:22:18 GMT
Date: Wed, 11 Dec 2019 13:44:25 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame B4DE 0
0 20ms
5ms Document
text/html 151.101.113.108
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Fastly-Debug-Digest: e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length: 506
Accept-Ranges: bytes
Date: Wed, 11 Dec 2019 13:44:25 GMT
Age: 10987349
Connection: keep-alive
X-Served-By: cache-jfk8123-JFK, cache-hhn4075-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 4739549
X-Timer: S1576071866.620107,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame AE04 0
0 20ms
5ms Document
text/html 151.101.113.108
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Fastly-Debug-Digest: e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length: 506
Accept-Ranges: bytes
Date: Wed, 11 Dec 2019 13:44:25 GMT
Age: 10987349
Connection: keep-alive
X-Served-By: cache-jfk8123-JFK, cache-hhn4036-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 664479
X-Timer: S1576071866.622141,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK Cookie set showad.js
ads.pubmatic.com/AdServer/js/ Frame F007 0
0 41ms
16ms Document
text/html 95.100.196.250
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.196.250 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a95-100-196-250.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

Last-Modified: Tue, 12 Nov 2019 06:59:02 GMT
ETag: "13006b6-97cd-59720c88c16d1"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
Set-Cookie: KTPCACOOKIE=YES; domain=.pubmatic.com; path=/; max-age=7776000;
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14515
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=128273
Expires: Fri, 13 Dec 2019 01:22:18 GMT
Date: Wed, 11 Dec 2019 13:44:25 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 index.html
cdn.districtm.io/ids/ Frame 7D9E 0
0 152ms
152ms Document
text/html 104.16.68.69
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.districtm.io/ids/index.html

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: cdn.districtm.io
:scheme: https
:path: /ids/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

status: 200
date: Wed, 11 Dec 2019 13:44:25 GMT
content-type: text/html
set-cookie: __cfduid=d8d7c835d0ce79f33aca6525e5f916c591576071865; expires=Fri, 10-Jan-20 13:44:25 GMT; path=/; domain=.districtm.io; HttpOnly
cf-ray: 5437e4a81b91d6b5-FRA
cache-control: s-maxage=1209600, max-age=14400
last-modified: Thu, 10 Jan 2019 16:50:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
content-encoding: br

GET
H2

200

sync
eb2.3lift.com/ Frame 6057
Redirect Chain

https://ib.3lift.com/sync?
https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

0
0

7ms
7ms

Document
text/html

52.57.98.188
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.98.188 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-57-98-188.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /sync?&ld=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
accept-encoding: gzip, deflate, br
cookie: tluid=14909562121896446333
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

status: 200
date: Wed, 11 Dec 2019 13:44:25 GMT
content-type: text/html; charset=utf-8
content-length: 516
set-cookie: sync=CgoI4gEQt8rQqe8tCgoI5gEQt8rQqe8tCgkICRC3ytCp7y0KCgipARC3ytCp7y0KCQg5ELfK0KnvLQoJCDoQt8rQqe8tCgkICxC3ytCp7y0KCgjOARC3ytCp7y0KCgiOARC3ytCp7y0KCQgfELfK0KnvLQ==; Max-Age=7776000; Expires=Tue, 10 Mar 2020 13:44:25 GMT; Path=/sync; Domain=.3lift.com tluid=14909562121896446333; Max-Age=7776000; Expires=Tue, 10 Mar 2020 13:44:25 GMT; Path=/; Domain=.3lift.com
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

status: 302
date: Wed, 11 Dec 2019 13:44:25 GMT
content-length: 0
set-cookie: tluid=14909562121896446333; Max-Age=7776000; Expires=Tue, 10 Mar 2020 13:44:25 GMT; Path=/; Domain=.3lift.com
location: /sync?&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame E2D7 0
0 15ms
6ms Document
text/html 151.101.113.108
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-2.36.5.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx/1.9.13 /
Resource Hash

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Response headers

Server: nginx/1.9.13
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Sun, 06 Aug 2017 09:41:59 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish 1.1 varnish
Fastly-Debug-Digest: e0a1bb88354655bae6b4f44be1ff58238053e5563770e29e0e433e905ee66055
Content-Length: 506
Accept-Ranges: bytes
Date: Wed, 11 Dec 2019 13:44:25 GMT
Age: 10987349
Connection: keep-alive
X-Served-By: cache-jfk8123-JFK, cache-hhn4020-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 1276778, 688945
X-Timer: S1576071866.624643,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK g Show response
rtb.connatix.com/ 81 B
288 B 89ms
88ms Script
text/plain 54.164.73.180
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.connatix.com/g?c_pw=834&c_ph=470&c_tk=C018218D-4AD0-4E01-8158-045425E65946&c_bu=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oauth-apps%2F%3Fmkt_tok%3DeyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%253D&c_ivt=0&connatix_sess=tB2HbHO5_1HLgzr9_S77V8oJYNkZiKUdD0hYR5BG-k1wzGWl_YYVB8ZzbWdFJF5yDKSbR5O3-xQJPe5KexLeXqpgo_TMe-LYIvYcuWSX7wkdp5Oyh_nvV9cUP4epnJD1dJo0BIVxbfltfuP9d9vdatIB_qynTDevRkFXmMHwAXH2eDXZoyCNf2JfpyvuwHT_&notServed=false&xplr=false&c_s=false&c_pl=IOvff_K_d8Vn0kbPryZjEt6R39yPQPpBT3Ky9DI8Kmtfd_7Ib4WNq2nzXFFbIiMa1VwfQIl0rGIDWHfWeQRhJ0tSTfYS5fOdvDU7G4KoFRQHfS08DkdESoULt7lUW5QAWmYxiLVDLs2Tz-ZMaGxxpW_N17fGFj4M5Lj6B7IBm9z7h945vsa2Qj08JCNxHWczJXaqOoVhjZJ6zn-bjNQPvTvr5ODZkOwnBThcyccA0Jk&gdpr=1&med_id=639404&req_no=2&v=1&c_pt=1&c_f=[{id:14554,r:3,i:0,f:5.47}]&p=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fphishing-attack-hijacks-office-365-accounts-using-oau&c_v=1823_0_0_0_0&spp=1&callback=cnxJSONP_b50f370cbfe1d36191be1576071867694
Requested by: Host: cdns.connatix.com
URL: https://cdns.connatix.com/p/1823/min/connatix.renderer.infeed.min_dc.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.164.73.180 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-164-73-180.compute-1.amazonaws.com
Software: nginx/1.15.9 (Ubuntu) /
Resource Hash: 9d74b0f9b9b2b1700e679176fbab74aa6abe0f12840872a05c331ad7c6955639

Request headers

Referer: https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 11 Dec 2019 13:44:27 GMT
Content-Encoding: gzip
Server: nginx/1.15.9 (Ubuntu)
Connection: keep-alive
Content-Length: 100

Verdicts & Comments Add Verdict or Comment

149 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 05:47:52	Name: test_cookie Value: CheckForPermission
www.bleepingcomputer.com/	1970-01-19 06:31:03	Name: _fsloc Value: ?i=DE&c=
.bleepingcomputer.com/	1970-01-19 06:31:03	Name: __beaconTrackerID Value: xzxg1ws81
www.bleepingcomputer.com/	1970-01-19 05:47:53	Name: fssts Value: false
www.bleepingcomputer.com/	1969-12-31 23:59:59	Name: _cmpQcif3pcsupported Value: 1
www.bleepingcomputer.com/	1970-01-19 05:47:53	Name: __atuvs Value: 5df0f2b19d10ddf9000
.bleepingcomputer.com/	1970-01-19 23:19:03	Name: _ga Value: GA1.2.1841999065.1576071857
www.bleepingcomputer.com/	1970-01-19 05:47:53	Name: _fssid Value: 29a6f105-7e63-4f2e-bf7d-d50508ac5d47
.bleepingcomputer.com/	1970-01-19 05:49:18	Name: _gid Value: GA1.2.301855145.1576071857
www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps	1969-12-31 23:59:59	Name: fsbotchecked Value: true
.bleepingcomputer.com/	1970-01-19 05:47:51	Name: _gat_gtag_UA_91740_1 Value: 1
www.bleepingcomputer.com/	1970-01-19 06:31:03	Name: lav Value: 7365
www.bleepingcomputer.com/	1970-01-19 15:19:32	Name: __atuvc Value: 1%7C50
.bleepingcomputer.com/	1970-01-19 06:31:03	Name: __cfduid Value: dc2f8fed9a07f2bd22ec1cf45b65e92ba1576071856
.bleepingcomputer.com/	1969-12-31 23:59:59	Name: session_id Value: 19f0d57d25e70280b9c004739e059a7d

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://quantcast.mgr.consensu.org/cmp.js(Line 1) Message: Dependency check failed for Publisher Purpose Legitimate Interest IDs: Publisher Purpose Legitimate Interest IDs must be an array containing only purpose IDs contained in the Publisher Purpose IDs array, the following purpose IDs will be ignored: 1, 4, 5
console-api	warning	URL: https://static.quantcast.mgr.consensu.org/v27/cmpui-popup.js(Line 1) Message: Unable to get NonIab Vendor list.
console-api	log	URL: https://freestar-io.videoplayerhub.com/gallery.js(Line 1) Message: Video gallery initializing
console-api	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2019120201.js(Line 1) Message: Exception in queued GPT command TypeError: Cannot read property 'getItem' of null
console-api	info	URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js(Line 411) Message: Powered by AMP ⚡ HTML – Version 1911070201440 https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
console-api	info	URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js(Line 411) Message: Powered by AMP ⚡ HTML – Version 1911070201440 https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D
console-api	info	URL: https://cdn.ampproject.org/rtv/011911070201440/amp4ads-v0.js(Line 411) Message: Powered by AMP ⚡ HTML – Version 1911070201440 https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/?mkt_tok=eyJpIjoiWldaalpUUm1ZbUkzTmpBMCIsInQiOiJWSTR1aU1hQ2REcFpUNGtmZ21YMEcwQTlvcXgreHlIOEExQ0JrajZMV2NMbHhhOVBENDFWd3NFRWNiaXBLNXA0MkRmZnZDclVcL1N0UUpuUFI1djFVZHBPaDcrVkM0VHM0MGpmQXZSaFYrcVpHK3Qxd1wvVURRZFg5NnlkZ3Z1c0tkIn0%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.pub.network
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ads.pubmatic.com
adservice.google.com
adservice.google.de
api.quantcast.mgr.consensu.org
as-sec.casalemedia.com
audit.quantcast.mgr.consensu.org
btlr.sharethrough.com
c.pub.network
cdn.ampproject.org
cdn.connatix.com
cdn.districtm.io
cdns.connatix.com
ck.connatix.com
cluster-na.cdnjquery.com
confiant-integrations.global.ssl.fastly.net
core.connatix.com
cse.google.com
d.pub.network
dmx.districtm.io
eb2.3lift.com
ecdn.analysis.fi
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
freestar-io.videoplayerhub.com
googleads.g.doubleclick.net
graph.facebook.com
hbopenbid.pubmatic.com
i.connatix.com
ib.3lift.com
ib.adnxs.com
info.bettercloud.com
pagead2.googlesyndication.com
quantcast.mgr.consensu.org
rtb.connatix.com
s7.addthis.com
s9.addthis.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
static.quantcast.mgr.consensu.org
tlx.3lift.com
tpc.googlesyndication.com
trk.connatix.com
v1.addthisedge.com
vendorlist.consensu.org
www.bleepingcomputer.com
www.bleepstatic.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.reddit.com
z.moatads.com
104.16.68.69
104.20.59.209
104.26.13.6
13.224.196.64
13.224.196.65
13.225.78.6
143.204.101.113
143.204.101.32
151.101.113.108
151.101.113.140
151.101.113.194
151.101.14.217
172.217.16.130
172.217.22.6
178.79.175.86
18.194.120.191
18.195.86.132
185.33.223.221
185.64.189.112
199.15.213.48
2.21.36.164
23.11.238.95
23.37.55.184
2600:9000:20eb:6400:9:46dc:4700:93a1
2600:9000:2156:5800:9:46dc:4700:93a1
2600:9000:2156:fe00:1:af78:4c0:93a1
2606:4700:20::681a:8b
2a00:1450:4001:806::2002
2a00:1450:4001:808::2001
2a00:1450:4001:808::2008
2a00:1450:4001:808::200e
2a00:1450:4001:809::200e
2a00:1450:4001:814::2002
2a00:1450:4001:817::2004
2a00:1450:4001:818::2003
2a00:1450:4001:824::2001
2a00:1450:4001:824::200a
2a03:2880:f01c:20e:face:b00c:0:2
3.215.1.64
3.222.69.96
34.195.95.173
35.188.71.214
35.226.36.58
52.57.98.188
54.164.73.180
69.173.144.140
95.100.196.250
95.100.197.246
95.100.197.53
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
0d7bc89dd915f55c4c3707f48417b2345427fbc24c1019a9b9a49f6b94d38ac3
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0edfae1fdacd0b79a1ced01146fbd883293bc86750bdc97bb8f247c85a7b8545
0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f
1008ae8c93c140845bf5bfa6d0c6e0a048ff8906a4fa0081196fd99f1613f65a
103dc14e51cd840e1ed5186cfafaec363e524401976bb70c1fd2cbd700b6d102
114666c1177e74550124afa6a783da0cb0f264652a27a4083748cbd5b139cdfe
11e0d7b2584273c3b1135243d24c0952bb4d964a164d343f9cd190098030f2fa
11f9cad4536f4a5fd7bdc1466ce10ee7f970a640e43b9d31a9b6cebbb5cb935c
182ce60aa520e221e459f0eb5d20c9b4a443478a9eb4f3dafc39c4a816fefedb
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
19db4a2cde712e2ceaac317e732b4ec40b62818a938a8bf8391ad68470845019
19e1dbba639ba68ceb71cdada9621e11d0aec6edba410971f1937d6cc4935b32
1a478c5f649d48a89ad8a93f13780a7c7ef0718eb6615a2d28dc2d7d221e2f9e
20faa0674d361cad592067256fd58f57264218b3fc716f719d6c2096eac5fb58
22e977346d45bab9f531ce1132d7ecfbe8e46868eaea790a0d4dcd1d0649d74b
2363cbdace3d4db7b0ee2f0fcf42a722658814affea6c100f3679f7c21ff9e11
23b5c1b719d09a1ecaebcabfbfd56378d9431e37dac5e83f2be512d4e6ffad92
2424d4d0676494244257b830643c905eac8254d373e00bc0cf6a13158626921b
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb
31cd7d9398307ca2e6cfaa111bbe7b69d69cbaaed2ff74034412ebc5008671fd
32e73e8e0eec3e6c1345d84e7ef091b90e71fb0045814043b34c914156235eb9
33eb81af8a0101c1ad2a210f322fb362ce1598e6e37f0a7ecc62d6ff39add590
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3751f364a5919eebc891214dc84fc296d0d4fb0469407fdceaa5fd45ab211b49
3997e0d9be8f59a4a38b28fcf2fecde1ede60420cb7ab7ae28d2e378de3ddf04
3a2c374a42747c249c054d814e461ebdb0b805cb6df31b8ede3999216ad27f8d
3b6a84a416edfb98ed7608dad8cd26ffd7123e54bce2bb13a4a3394e0b948382
3b8dbe2dcbfef12c9fe61adb3ae7f0c550657f846dab86b13ffd1735dd34b0ee
3c10cb1ddf712f08a5082f5759b9496c250d195a9e6746e2ab0088b52775b21e
3fbfd6f5cbf3becde848ff3e522bdc44ad88cd9a90b61f1231db7b589a98c959
42835eddfccf126c4f65091c377c206334c2fb2838212d01965298cd4599b39f
44178919accac2fd92f71084d312c8ff266dd25b8b808f8e9b32fe2926aefb41
472091ecac69aca924adad5836979f0fd14e5e962b7012fd1df98d80caef03a4
476c82589ff631f9a39c7a49ec0a09a6bfcb7d3bf76e4ef9649e40d1dc9bbbf9
489b6703852c290f6b4d10eed79f17d378682f423e427c4e709fcf5aa16bc78e
4cae697d304b6cae1bb457589d549ec39239ca1d1e32bd7201200cb7562eeb32
4e4875bfa349c5df0caf5e9bfe919345ac2b8bb00dca6794516e499aaf89e9e9
4eeb4df3522892ea2ec61de6a58e870e8262019f8e3c759c099450cefb589313
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
546cd24fc4b21b7d43d957482fca198eee4c67b3da6b9a4c32659ff17e79787f
5755b5964de3e4c7ae3e88dc348733174e5910724ba7ab2862974b75b7876018
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a4061ff8312e2ad494bd984b7df966438232be64a3b284ab69f66c6705009a6
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5fe405e64b42b49a5813c2c7b8e48ccf290310c5eb351d2b15966856d1a2f06e
6124b7c59aadae279e1f0ecb561ed9b0c4fe22cb31c32c8c934e5423887c5426
629f4758d1701315fb09e687058c937c97b5c2a45654173e16e96ccd424f8604
63890326f558587b0840eb0a6e6377f1bf39264e015e568f4c2a03aefce3f929
67d86a29de7993fbd23b7dde2c4f26bdc434055c35a4b08c830c0d02fcfa6dd2
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6e86593083facba2710a2312f26bd7b436d7ef299f99cbc2ccc1b32693ec3144
71dae7cc7766c98bdc4b766789af22fe0442d58aced342736f044ec12aaba058
754b47d9024a3f0c2fab9b51b55aa24b38d41725d153c436c2d90d5bfc286798
79f1c7d34175bb228a52bf97c328c5327893acc1eaa41b3d8a40a5c1bae59984
7a52d4e3f541e459f9069f6f596242684704eeaca5a95f05285d16e2e609927d
7af7ce20b3bb355321409e48397c0ebf467b64dbd45d1eb7fa71fabcc2e82c75
7be78e59a895f3e0824eb4968f842cf3926c4734d752dd58097d0548b287a1e5
7c20e3e201e3d7c6821e907def1257deb544eb08578c7129b96d53bbf62d34e4
7c42933014424dabb2256a0732a9f792559d26ba09a84308c278f52834522f9a
7d6d26827b887aa09b2a5eb7c001e35b93773e53c36ddbfc127ad824e0a6ba39
7e7c74d95df84ef3a6be5c4fcde54fae313a04a9bd611059e6a97a23ff09f26f
7e94fbebf526effec4239c82e5435a412d81ffc4bc9bddf13f9aa1170f6d803e
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
801f94e439e56ff65c1f08e9f76fafe23788cf2a442c45842f9aa60b613aa338
80b8659c8eee1333870061b8657a385cf821032b276f18ff97ac282d4ef5962f
827252be04765631f8ff21fee8ffe1028e27dfa52f62c08ef3182609a0a0e991
82c7fdbc4d001907e1e5d56cd335af3f0d48e0ffa7f0ad2aa3486ebb1123cb21
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85ae9534729617e69eafa40195c7854697eb3d13b4205f3ee467e07c4af0a24b
866a1264b956a58da8e640a6191453d62f20d8676f63f193d2786318f83f6422
8733e2183f16906b2fa2e58fdab82cf336f249ab71ac1b184470da2dd3c6e29f
87562d3773ffab3d0716a70faa73c38b322fde3b8f265c3d646a3cea976ef67e
8a56e644a617b2d1e4e7d808dfc334a7ea8622979f22999dc9eccd21c61958b3
8a791f8ed5db4d28f7a99f70f9b51ceaeb4f422122d6db743e6f887b093d0737
8db624e21c35d3f1626601a61acb544d8dc307f820c325f945d4a2b60cb2c2eb
8ec1e1ee811248318e893fee31c5ee75658109d5240ebe5777945a273a2c9f7c
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
942935ead42820e6c9184f099c77dde34fa4be70d395a17c47b5d7ad07967339
98f88d642acd9024773bf77b93f9546e3cd6fd8fa3d539d16f7b018e0cb513f2
993c1f16583585bfabcf6f7d8c96bfd17752384ecadff84128606babaec416bd
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9d74b0f9b9b2b1700e679176fbab74aa6abe0f12840872a05c331ad7c6955639
a71a31aec78d0ae1323fa167b31dbae07edcbcfdf17ab3ca1846a11c228c31dd
ab52a578c101a14bbc790f87f9a7400dda65469f23c6ce85c461e07cdf776460
ac050a029e8ec9ca8507acfe44ab38223eceb346c0ce141868960fc039b1d594
ad1219ce07f5abb6a580cd4b2b7e9e36f1446565ae59d78c44eb5ffe36857394
ae19bcc931e28e62bdc6147727dd320df7e008ef8819f4a837f65a891ca34188
b34676178982122b66b0a55d3ee411fa343b1d19a6c119c0c9b0ea2c892738a1
b3498f138f5418bd58413e79e4c0969e618d6f2fee2d9d98c0f4e70a6cbd04ad
b474eaa106d18f05c5c16c290b7369399b3b942ff50e6afe59c151d7d836b753
b4771b354bb4ce2c521d7076696d1d872cc9d7343afb9b722abc292db3045751
ba4af1d00b0e19b0fa9cd5c1ace0632c61d7d21648bd8118582dbaf83224c1f9
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bfc8e65089dc5421d56ecc71a0328eafd4feb2a602503ae5c15bfa3189c02f7e
c1ff893b404f02342111fc9d0159ed8f25ace7a36b998cdf0654494632470924
c3034d0370c5faa09e7a8d7b0c48925afa0371cf17e4827dde23059f56019dae
c9395e6dcccbdb0c0949db0de5c1288664f8bb9c14335f2ca1c7d1961940c37c
c9e727b37a735a7983ea8bdad06a38b246261c239bb80b86cc0ff3663c910adb
caf65d9a0c255ed442f4a5684941a2cb5098d62879c961559a65fbdc24796ed8
cc895d4e6adc4fe512e7fb18dbd9df9c8688b5d013060c4fb63342a185727815
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf9f183ea7ccafe9bc60901fdb82d3b33e190c5344704021a1103d21409d40e9
d020fa6036628dd1d6dbf760edc742273359e93119832249bdce332d05d6db4d
d2046a09db7667733b48b3ffc77f65b5b7cf9def2359078117770c9ced03ee15
d229886fc63edf6b95865ad6a9e90b589ca7585d2203bc61b69f73f61f746830
d394ac2b72c9d9689fd63e0344482578cceabe9bcf6556a972598221d41122de
d44b93a0af159f0d547d7ec89e9227a5667ce1171bc630e6fbf79dae0e596e2d
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dd97106d01f4ed05c72c6acae70c3e63f98964d9ce0cf3451bb7bdb29097f4fd
df67fe7059a0f6a20c2bfd96f18bd2d4027c5cfcf10d388afc2be8add8b77681
dff610ab7842ac86c5578525dc703c36781119e6fc2262bfd1fee1ea600b42f1
e01ca8abcf25a2b6ef4ad3eac61fdc947cd88abca214b83861e53dd0256cf75d
e165e96ff510ffa49533fe7c9ffde179d41aa349de0f59fe59d244df5a8e1304
e17e6a39ec121fc90dae6efd59c254d9f2aa9f888d09078aafb3f6d2594d0700
e356e7e1d432bfb23c6eaf5c1b4a85b9c14ac4a10700ca215fc97fbd0d43f1ae
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4ab7a4682406adf2cb05b60d48f1ff7dcd2c86ed838445862cf6ea53456b585
e4ad56bd91f08203b208a3db86c463c7952fad443a239de6454c73b7ce669657
e5e0f326458e8b8ed839d42a0cf6892df80bf26d7dc7e4f8276a65c41582ab85
eb3986a9d06585054dc84ba96f83b685c5a67527f4cdd2cdb4dfc75d49f5759f
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
ed175c8456e5dc1502e98bd33ff08e834d0a07e8721c5d8def0ea1987a67dfb0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efe95cb2cc312e0132b0ce914c642ecee0534223df3f1d47579cdabe6cc070cd
f6b7ba3cc9a8177d62950984426ff73450f229d389c449b0631392be2f5b5b61
f7a406daad03ab65ccbb5ca86093212c402b4eb09e13ca312033474acdf5fd59
f8a52990bbe6892abb730d241570fbfbd2ff2fc707fdd3004c7dba6e843bbae3
f93d1d7d700f850328abfcc87e394dfb26fe1183249925434f8870fba994bc96
fa1884be7aabaacc259f4b324266bdd69c53da2df6c2b58a413b186bc6c9dce0
fb6b5dbf584b8797f1418b4a08dc775fae9a6925e29f849de60fdc3772668b40
fdadf601a8b1e2e019ee78f618352c4f7428b095f1cd2a0a6a8be87b362006d2
ff1e65d5292ac70fa0ceaf87d04313c975d6299e212e0274d3d0362b218ccab8

www.bleepingcomputer.com Open in urlscan Pro 104.20.59.209 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

231 Requests

100 %HTTPS

31 %IPv6

34 Domains

58 Subdomains

49 IPs

7 Countries

2479 kBTransfer

6722 kBSize

15 Cookies

14 Outgoing links

Page URL History

Redirected requests

231 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.bleepingcomputer.com Open in urlscan Pro
104.20.59.209 Public Scan

Screenshot
Live screenshot

Full Image

231
Requests

100 %
HTTPS

31 %
IPv6

34
Domains

58
Subdomains

49
IPs

7
Countries

2479 kB
Transfer

6722 kB
Size

15
Cookies

231 HTTP transactions
8 data transactions