try.netwrix.com Open in urlscan Pro
162.213.14.138 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://go.netwrix.com/dc/B7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnK...
Effective URL:
https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%25...
Submission: On September 28 via manual (September 28th 2018, 8:43:48 pm UTC) from BG

Summary HTTP 72 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 33 IPs in 5 countries across 29 domains to perform 72 HTTP transactions. The main IP is 162.213.14.138, located in Powell, United States and belongs to MDC-AS01 - Metro Data Center LLC, US. The main domain is try.netwrix.com.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on September 12th 2017. Valid for: 3 years.

This is the only time try.netwrix.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	199.15.213.48 199.15.213.48	53580 (MARKETO) (MARKETO - MARKETO)
1 25	162.213.14.138 162.213.14.138	54676 (MDC-AS01) (MDC-AS01 - Metro Data Center LLC)
1	2a00:1450:400... 2a00:1450:4001:81d::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	108.161.188.153 108.161.188.153	12989 (HWNG) (HWNG)
2 5	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:816::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	172.217.22.66 172.217.22.66	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a02:26f0:f1:... 2a02:26f0:f1:28a::3adf	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.244.43.176 104.244.43.176	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	151.101.133.2 151.101.133.2	54113 (FASTLY) (FASTLY - Fastly)
1	2400:cb00:204... 2400:cb00:2048:1::6819:5c6e	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
2	45.60.13.212 45.60.13.212	19551 (INCAPSULA) (INCAPSULA - Incapsula Inc)
2 2	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE - Google LLC)
2 3	2a00:1450:400... 2a00:1450:4001:815::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a00:1450:400... 2a00:1450:4001:815::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	188.125.66.33 188.125.66.33	34010 (YAHOO-IRD) (YAHOO-IRD)
1	35.172.77.143 35.172.77.143	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	40.87.71.55 40.87.71.55	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
2 3	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1 1	2a05:f500:10:... 2a05:f500:10:101::b93f:9101	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	54.230.95.126 54.230.95.126	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	204.79.197.200 204.79.197.200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1 5	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
1	54.230.95.191 54.230.95.191	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 4	35.190.27.37 35.190.27.37	15169 (GOOGLE) (GOOGLE - Google LLC)
2 2	52.214.113.33 52.214.113.33	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	54.230.95.107 54.230.95.107	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	18.233.2.137 18.233.2.137	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	151.101.134.110 151.101.134.110	54113 (FASTLY) (FASTLY - Fastly)
1	162.247.242.21 162.247.242.21	23467 (NEWRELIC-...) (NEWRELIC-AS-1 - New Relic)
72	33

1 199.15.213.48 (San Mateo, United States)

ASN53580 (MARKETO - MARKETO, Inc., US)

go.netwrix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 162.213.14.138 (Powell, United States) 1 redirects

ASN54676 (MDC-AS01 - Metro Data Center LLC, US)
PTR: 162-213-14-138.Static-14.MetroDataCenter.COM

www.netwrix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
try.netwrix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.161.188.153 (Los Angeles, United States)

ASN12989 (HWNG, NL)

img.netwrix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81d::200e (Ireland) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81d::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.66 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s17-in-f66.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:f1:28a::3adf (European Union)

ASN20940 (AKAMAI-ASN1, US)

sjs.bizographics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.43.176 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.133.2 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

a.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:cb00:2048:1::6819:5c6e (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.clickcease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7001 (United Kingdom)

ASN203220 (YAHOO-DEB, DE)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.60.13.212 (Redwood City, United States)

ASN19551 (INCAPSULA - Incapsula Inc, US)

px.spiceworks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9d (Ireland) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:815::2004 (Ireland) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:815::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.125.66.33 (Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.172.77.143 (Seattle, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-35-172-77-143.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 40.87.71.55 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

monitor.clickcease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:f500:10:101::b93f:9105 (Ireland) 2 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:10:101::b93f:9101 (Ireland) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (San Francisco, United States)

ASN13414 (TWITTER - Twitter Inc., US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.95.126 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-95-126.fra2.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 204.79.197.200 (Redmond, United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
PTR: a-0001.a-msedge.net

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:6b8::1:119 (Russian Federation) 1 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.95.191 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-95-191.fra2.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.27.37 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 37.27.190.35.bc.googleusercontent.com

d.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.214.113.33 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-214-113-33.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.230.95.107 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-95-107.fra2.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.233.2.137 (Cambridge, United States) 2 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-18-233-2-137.compute-1.amazonaws.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.134.110 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.242.21 (United States)

ASN23467 (NEWRELIC-AS-1 - New Relic, US)
PTR: bam-9.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	netwrix.com 1 redirects go.netwrix.com www.netwrix.com try.netwrix.com img.netwrix.com	883 KB
7	company-target.com 2 redirects api.company-target.com d.company-target.com segments.company-target.com	4 KB
5	yandex.ru 1 redirects mc.yandex.ru	46 KB
5	google-analytics.com 2 redirects www.google-analytics.com	53 KB
4	linkedin.com 3 redirects px.ads.linkedin.com www.linkedin.com	7 KB
3	google.de www.google.de	327 B
3	google.com 2 redirects www.google.com	484 B
3	doubleclick.net 2 redirects stats.g.doubleclick.net googleads.g.doubleclick.net	2 KB
3	clickcease.com www.clickcease.com monitor.clickcease.com	52 KB
3	gstatic.com fonts.gstatic.com	26 KB
2	facebook.com www.facebook.com	247 B
2	rlcdn.com 2 redirects id.rlcdn.com	1021 B
2	bidr.io 2 redirects match.prod.bidr.io	707 B
2	facebook.net connect.facebook.net	31 KB
2	bing.com bat.bing.com	7 KB
2	spiceworks.com px.spiceworks.com	7 KB
2	quora.com a.quora.com q.quora.com	6 KB
1	nr-data.net bam.nr-data.net	261 B
1	newrelic.com js-agent.newrelic.com	9 KB
1	demandbase.com tag.demandbase.com	15 KB
1	twitter.com analytics.twitter.com	660 B
1	yahoo.com sp.analytics.yahoo.com	53 B
1	t.co t.co	426 B
1	yimg.com s.yimg.com	4 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	bizographics.com sjs.bizographics.com	4 KB
1	googleadservices.com www.googleadservices.com	8 KB
1	googletagmanager.com www.googletagmanager.com	34 KB
1	googleapis.com fonts.googleapis.com	1 KB
72	29

	Domain	Requested by
24	try.netwrix.com	go.netwrix.com try.netwrix.com
5	mc.yandex.ru	1 redirects go.netwrix.com try.netwrix.com
5	www.google-analytics.com	2 redirects try.netwrix.com www.google-analytics.com www.googletagmanager.com
4	d.company-target.com	2 redirects try.netwrix.com
3	px.ads.linkedin.com	2 redirects try.netwrix.com
3	www.google.de	try.netwrix.com
3	www.google.com	2 redirects try.netwrix.com
3	fonts.gstatic.com	try.netwrix.com
2	www.facebook.com	try.netwrix.com connect.facebook.net
2	id.rlcdn.com	2 redirects
2	segments.company-target.com	try.netwrix.com
2	match.prod.bidr.io	2 redirects
2	connect.facebook.net	go.netwrix.com connect.facebook.net
2	bat.bing.com	go.netwrix.com try.netwrix.com
2	monitor.clickcease.com	try.netwrix.com
2	stats.g.doubleclick.net	2 redirects
2	px.spiceworks.com	www.googletagmanager.com try.netwrix.com
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	try.netwrix.com
1	api.company-target.com	try.netwrix.com
1	tag.demandbase.com	go.netwrix.com
1	analytics.twitter.com	static.ads-twitter.com
1	www.linkedin.com	1 redirects
1	q.quora.com	try.netwrix.com
1	sp.analytics.yahoo.com	s.yimg.com
1	t.co	try.netwrix.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	s.yimg.com	go.netwrix.com
1	www.clickcease.com	go.netwrix.com
1	a.quora.com	go.netwrix.com
1	static.ads-twitter.com	www.googletagmanager.com
1	sjs.bizographics.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	www.googletagmanager.com	try.netwrix.com
1	img.netwrix.com	try.netwrix.com
1	fonts.googleapis.com	try.netwrix.com
1	www.netwrix.com	1 redirects
1	go.netwrix.com
72	38

This site contains links to these domains. Also see Links.

Domain
www.netwrix.com

Subject Issuer	Validity	Valid
*.netwrix.com COMODO RSA Organization Validation Secure Server CA	`2017-09-12` - `2020-09-11`	3 years	crt.sh
*.googleapis.com Google Internet Authority G3	`2018-09-11` - `2018-12-04`	3 months	crt.sh
*.google-analytics.com Google Internet Authority G3	`2018-09-11` - `2018-12-04`	3 months	crt.sh
*.google.com Google Internet Authority G3	`2018-09-11` - `2018-12-04`	3 months	crt.sh
www.googleadservices.com Google Internet Authority G3	`2018-08-28` - `2018-11-20`	3 months	crt.sh
js.bizographics.com DigiCert SHA2 Secure Server CA	`2018-04-13` - `2020-04-17`	2 years	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2018-06-28` - `2019-07-03`	a year	crt.sh
*.quora.com DigiCert SHA2 Secure Server CA	`2018-08-15` - `2019-11-26`	a year	crt.sh
ssl375664.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-09-03` - `2019-03-12`	6 months	crt.sh
*.yahoo.com DigiCert SHA2 High Assurance Server CA	`2018-09-25` - `2018-11-06`	a month	crt.sh
incapsula.com GlobalSign CloudSSL CA - SHA256 - G3	`2018-06-11` - `2019-06-12`	a year	crt.sh
www.google.de Google Internet Authority G3	`2018-08-28` - `2018-11-20`	3 months	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2018-08-28` - `2018-11-20`	3 months	crt.sh
t.co DigiCert SHA2 Extended Validation Server CA	`2017-07-25` - `2018-11-05`	a year	crt.sh
*.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2018-06-08` - `2018-12-05`	6 months	crt.sh
www.google.com Google Internet Authority G3	`2018-08-28` - `2018-11-20`	3 months	crt.sh
monitor.clickcease.com Go Daddy Secure Certificate Authority - G2	`2018-09-06` - `2020-09-05`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2017-06-06` - `2019-06-11`	2 years	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2018-07-19` - `2019-08-28`	a year	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2016-09-20` - `2018-11-19`	2 years	crt.sh
www.bing.com Microsoft IT TLS CA 5	`2017-07-20` - `2019-07-10`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2017-12-15` - `2019-03-22`	a year	crt.sh
bs.yandex.ru Yandex CA	`2017-11-23` - `2019-11-23`	2 years	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2017-08-18` - `2019-08-18`	2 years	crt.sh
*.d.company-target.com Go Daddy Secure Certificate Authority - G2	`2017-10-11` - `2018-10-11`	a year	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2018-09-04` - `2019-04-14`	7 months	crt.sh
*.nr-data.net GeoTrust RSA CA 2018	`2018-01-11` - `2020-03-17`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Frame ID: 1863E6748E2576F08C2939DA1D879F72
Requests: 71 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 5C4CDF5540231C89D1BAE8B555BB971C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://go.netwrix.com/dc/B7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-Kmu... Page URL
http://www.netwrix.com/additionalservice/mailencrypt?redirect_url=https://try.netwrix.com/how_attac... HTTP 302
https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

New Relic (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^NREUM/i

YUI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^YAHOO$/i

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /mc\.yandex\.ru\/metrika\/watch\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

72
Requests

99 %
HTTPS

43 %
IPv6

29
Domains

38
Subdomains

33
IPs

5
Countries

1193 kB
Transfer

2238 kB
Size

15
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.netwrix.com/
Title:

Search URL Search Domain Scan URL

URL: https://www.netwrix.com/privacy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://go.netwrix.com/dc/B7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA==/E1x0M0B4AgC0Q0oN0T0jd0h Page URL
http://www.netwrix.com/additionalservice/mailencrypt?redirect_url=https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea&sID=txt-url-1&fname=ANTONIO&lname=BUSULADZICH&email=antonio.busuladzich@gmail.com&phone=087%20907%209371&nsrv=&cID=7010g000001Ybbk&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%3D HTTP 302
https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

https://www.google-analytics.com/r/collect?v=1&_v=j69&a=750257376&t=pageview&_s=1&dl=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&dr=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&ul=en-us&de=UTF-8&dt=A%20Hacker%20Explains%3A%20How%20Attackers%20Exploit%20Office%20365%20Vulnerabilities&sd=24-bit&sr=1600x1200&vp=1585x1185&je=0&_u=KGBAAEADQ~&jid=397205802&gjid=1553255405&cid=1684162588.1538167419&tid=UA-2538779-12&_gid=39533434.1538167419&_r=1&z=778095152 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2538779-12&cid=1684162588.1538167419&jid=397205802&_gid=39533434.1538167419&gjid=1553255405&_v=j69&z=778095152 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2538779-12&cid=1684162588.1538167419&jid=397205802&_v=j69&z=778095152 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2538779-12&cid=1684162588.1538167419&jid=397205802&_v=j69&z=778095152&slf_rd=1&random=2487381343

Request Chain 41

https://www.google-analytics.com/r/collect?v=1&_v=j69&a=750257376&t=pageview&_s=1&dl=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&dr=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&ul=en-us&de=UTF-8&dt=A%20Hacker%20Explains%3A%20How%20Attackers%20Exploit%20Office%20365%20Vulnerabilities&sd=24-bit&sr=1600x1200&vp=1585x1185&je=0&_u=aGHAAEADQ~&jid=1108098052&gjid=1400963095&cid=1684162588.1538167419&tid=UA-2538779-16&_gid=39533434.1538167419&_r=1&gtm=G9oW3QS84&z=467835755 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2538779-16&cid=1684162588.1538167419&jid=1108098052&_gid=39533434.1538167419&gjid=1400963095&_v=j69&z=467835755 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2538779-16&cid=1684162588.1538167419&jid=1108098052&_v=j69&z=467835755 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2538779-16&cid=1684162588.1538167419&jid=1108098052&_v=j69&z=467835755&slf_rd=1&random=3071665362

Request Chain 50

https://px.ads.linkedin.com/collect/?time=1538167419669&pid=79820&url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&pageUrl=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&ref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&fmt=js&s=1 HTTP 302
https://px.ads.linkedin.com/collect/?time=1538167419669&pid=79820&url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&pageUrl=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&ref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&fmt=js&s=1&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1538167419669%26pid%3D79820%26url%3Dhttps%253A%252F%252Ftry.netwrix.com%252Fhow_attackers_exploit_office_365_vulnerabilities_nemea%253FencQryStr%253D3YXxjMR7wxW2S%2525252BiRw07BwD1a%2525252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%2525252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%2525252FMbaQ8Pg5sUJcVLJQ%2525253D%2525253D%2526iv%253D2kVoBhHgvgHDQgZO5ZPPFg%2525253D%2525253D%2526cID%253D7010g000001Ybbk%2526sID%253Dtxt-url-1%2526mkt_tok%253DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%2525253D%2526utm_source%253Demail%2526utm_medium%253Dfeatured-webinar%2526utm_campaign%253Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B%26pageUrl%3Dhttps%253A%252F%252Ftry.netwrix.com%252Fhow_attackers_exploit_office_365_vulnerabilities_nemea%253FencQryStr%253D3YXxjMR7wxW2S%2525252BiRw07BwD1a%2525252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%2525252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%2525252FMbaQ8Pg5sUJcVLJQ%2525253D%2525253D%2526iv%253D2kVoBhHgvgHDQgZO5ZPPFg%2525253D%2525253D%2526cID%253D7010g000001Ybbk%2526sID%253Dtxt-url-1%2526mkt_tok%253DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%2525253D%2526utm_source%253Demail%2526utm_medium%253Dfeatured-webinar%2526utm_campaign%253Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B%26ref%3Dhttp%253A%252F%252Fgo.netwrix.com%252Fdc%252FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%253D%253D%252FE1x0M0B4AgC0Q0oN0T0jd0h%26fmt%3Djs%26s%3D1%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect/?time=1538167419669&pid=79820&url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&pageUrl=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&ref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&fmt=js&s=1&cookiesTest=true&liSync=true

Request Chain 59

https://d.company-target.com/pixel?type=js&id=15168414648798&page=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B HTTP 302
https://d.company-target.com/ul_cb/pixel?type=js&id=15168414648798&page=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B

Request Chain 60

https://d.company-target.com/pixel?type=js&id=15168414642038&page=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B HTTP 302
https://d.company-target.com/ul_cb/pixel?type=js&id=15168414642038&page=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B

Request Chain 61

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AAG_EU63XSUAACs8gS1FRg

Request Chain 62

https://id.rlcdn.com/464526.gif HTTP 302
https://id.rlcdn.com/464526.gif?redirect=1 HTTP 302
https://segments.company-target.com/wtk?vendor=liveramp&lrid=Xc12973ZHQEsh49k0HgWuQlHDqzz9rYgBGckmQc_NhWzCEwsI

Request Chain 64

https://mc.yandex.ru/watch/31488613?wmode=7&page-ref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&page-url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&charset=utf-8&browser-info=ti%3A10%3Ans%3A1538167417793%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1185%3Ai%3A20180928204339%3Aet%3A1538167420%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A167980174%3Ahid%3A575837314%3Ads%3A169%2C241%2C360%2C7%2C346%2C0%2C0%2C746%2C11%2C%2C%2C%2C1875%3Afp%3A1634%3Awn%3A16127%3Ahl%3A2%3Agdpr%3A14%3Av%3A1227%3Ast%3A1538167420%3Au%3A1538167420759870259%3At%3AA%20Hacker%20Explains%3A%20How%20Attackers%20Exploit%20Office%20365%20Vulnerabilities HTTP 302
https://mc.yandex.ru/watch/31488613/1?wmode=7&page-ref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&page-url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&charset=utf-8&browser-info=ti%3A10%3Ans%3A1538167417793%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1185%3Ai%3A20180928204339%3Aet%3A1538167420%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A167980174%3Ahid%3A575837314%3Ads%3A169%2C241%2C360%2C7%2C346%2C0%2C0%2C746%2C11%2C%2C%2C%2C1875%3Afp%3A1634%3Awn%3A16127%3Ahl%3A2%3Agdpr%3A14%3Av%3A1227%3Ast%3A1538167420%3Au%3A1538167420759870259%3At%3AA%20Hacker%20Explains%3A%20How%20Attackers%20Exploit%20Office%20365%20Vulnerabilities

72 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Cookie set E1x0M0B4AgC0Q0oN0T0jd0h Show response
go.netwrix.com/dc/B7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3Sbkk... 929 B
1 KB 209ms
101ms Document
text/html 199.15.213.48
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

http://go.netwrix.com/dc/B7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA==/E1x0M0B4AgC0Q0oN0T0jd0h

Protocol

HTTP/1.1

Server

199.15.213.48 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

efe7e62fdc49b6f40d7af5783dce50b2cbc4b4e982f4c1d960ebe004b61dd3e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Host: go.netwrix.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:37 GMT
Server: Apache
Cache-Control: private, no-cache, no-store, max-age=0
Connection: close
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/html
Set-Cookie: BIGipServerab_mailtracking_80=!49wMWuCNVUuEnGlybf/nLIVwOTHiDugh6ivlgRf4eLq3/Oneo1Z1z/v2VTMn2I0EaFaQSrNQ8PHwieM=; path=/; Httponly

GET
H/1.1

200
OK

Primary Request

Cookie set how_attackers_exploit_office_365_vulnerabilities_nemea Show response
try.netwrix.com/
Redirect Chain

http://www.netwrix.com/additionalservice/mailencrypt?redirect_url=https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea&sID=txt-url-1&fname=ANTONIO&lname=BUSULADZICH&email=...
https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsP...

83 KB
18 KB

771ms
360ms

Document
text/html

162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Requested by: Host: go.netwrix.com
URL: http://go.netwrix.com/dc/B7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA==/E1x0M0B4AgC0Q0oN0T0jd0h
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 / PHP/5.5.38
Resource Hash: f8a552cf9659386f4ccb222b092e1e249de7533055696186f51e5fb2c91f72c7

Request headers

Host: try.netwrix.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://go.netwrix.com/dc/B7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA==/E1x0M0B4AgC0Q0oN0T0jd0h
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://go.netwrix.com/dc/B7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA==/E1x0M0B4AgC0Q0oN0T0jd0h

Response headers

Server: nginx/1.15.3
Date: Fri, 28 Sep 2018 20:43:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.5.38
Set-Cookie: nwf_cid=7010g000001Ybbk; expires=Fri, 05-Oct-2018 20:43:37 GMT; Max-Age=604800; path=/; domain=.netwrix.com nwf_spot_id=txt-url-1; expires=Fri, 05-Oct-2018 20:43:37 GMT; Max-Age=604800; path=/; domain=.netwrix.com utm_source=email; expires=Fri, 05-Oct-2018 20:43:37 GMT; Max-Age=604800; path=/; domain=.netwrix.com utm_medium=featured-webinar; expires=Fri, 05-Oct-2018 20:43:37 GMT; Max-Age=604800; path=/; domain=.netwrix.com _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D; path=/; httponly
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Encoding: gzip

Redirect headers

Server: nginx/1.15.3
Date: Fri, 28 Sep 2018 20:43:37 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.5.38
Location: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B

GET
S 200 css
fonts.googleapis.com/ 14 KB
1 KB 24ms
15ms Stylesheet
text/css 2a00:1450:4001:81d::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,400i,600,600i,700&subset=cyrillic,cyrillic-ext

Requested by

Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81d::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

8fba402f91c574135954f5ec9a7d6540a5e976fefed9a0bfa3d2607a3c0fd70d

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=86400
content-encoding: gzip
last-modified: Fri, 28 Sep 2018 20:43:38 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Fri, 28 Sep 2018 20:43:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
x-xss-protection: 1; mode=block
expires: Fri, 28 Sep 2018 20:43:38 GMT

GET
H/1.1 200
OK bootstrap.css
try.netwrix.com/assets/ecd82848/css/ 143 KB
28 KB 129ms
122ms Stylesheet
text/css 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/assets/ecd82848/css/bootstrap.css?v=1502282209
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 7e630d90c7234b0df1729f62b8f9e4bbfaf293d91a5a0ac46df25f2a6759e39a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Aug 2017 12:36:49 GMT
Server: nginx/1.15.3
ETag: W/"598b01e1-23a5a"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK formbasic.css
try.netwrix.com/assets/7c6af0b1/formbasic/css/ 11 KB
3 KB 242ms
119ms Stylesheet
text/css 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/assets/7c6af0b1/formbasic/css/formbasic.css?v=1537347294
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 37e43360bddca0ce46fb435e0f6f6f2ece15a5264dab49341ca24bf1fdf452b5

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 08:54:54 GMT
Server: nginx/1.15.3
ETag: W/"5ba20ede-2a26"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK formhidden.css
try.netwrix.com/assets/7c6af0b1/formhidden/css/ 5 KB
1 KB 249ms
118ms Stylesheet
text/css 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/assets/7c6af0b1/formhidden/css/formhidden.css?v=1537347298
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 5d6c37a78e3844fb3db3436f6e5f629fe8a1f886a4f77c93bccbc020cefb1c1f

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 08:54:58 GMT
Server: nginx/1.15.3
ETag: W/"5ba20ee2-156f"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK affix.css
try.netwrix.com/assets/7c6af0b1/affix/css/ 600 B
799 B 360ms
118ms Stylesheet
text/css 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/assets/7c6af0b1/affix/css/affix.css?v=1537347292
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 910b5c9c0943490641d7e8608f0ad42c4a05fc88012b23af70d2ada73c67f388

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 08:54:52 GMT
Server: nginx/1.15.3
ETag: W/"5ba20edc-258"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK formonefield.css
try.netwrix.com/assets/7c6af0b1/formonefield/css/ 4 KB
1 KB 361ms
118ms Stylesheet
text/css 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/assets/7c6af0b1/formonefield/css/formonefield.css?v=1537347301
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 71696707377feeb99ac8cb9c9789acef3e6a663a2b4dc6635be1a7182d01171e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 08:55:01 GMT
Server: nginx/1.15.3
ETag: W/"5ba20ee5-f75"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK viewpage.css
try.netwrix.com/assets/de0a91d2/viewpage/css/ 813 B
837 B 361ms
118ms Stylesheet
text/css 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/assets/de0a91d2/viewpage/css/viewpage.css?v=1537347264
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: df41c8d17779f48b358b144c228059a78c4fc79161925503b32573d2163073c7

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 08:54:24 GMT
Server: nginx/1.15.3
ETag: W/"5ba20ec0-32d"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK resp.css
try.netwrix.com/assets/de0a91d2/responsive/css/ 181 B
615 B 361ms
118ms Stylesheet
text/css 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/assets/de0a91d2/responsive/css/resp.css?v=1537347260
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 7b2c8a502912ce0e8d1105e2e56a454fb805cdb1f956a5d40103677d98da0e7d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 08:54:20 GMT
Server: nginx/1.15.3
ETag: W/"5ba20ebc-b5"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 netwrix-logo-no-tagline@2x.png
img.netwrix.com/ 3 KB
3 KB 53ms
6ms Image
image/png 108.161.188.153
HWNG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.netwrix.com/netwrix-logo-no-tagline@2x.png
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.161.188.153 Los Angeles, United States, ASN12989 (HWNG, NL),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 43d24cefb122dc34e2b1b4305b0eadbc3d7e55b37bef2ba9e8b0e2d277aa67bb

Request headers

:path: /netwrix-logo-no-tagline@2x.png
pragma: no-cache
cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: img.netwrix.com
referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
:scheme: https
:method: GET
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:38 GMT
last-modified: Sat, 01 Aug 2015 15:51:22 GMT
server: NetDNA-cache/2.2
etag: "55bceafa-bc1"
x-cache: HIT
content-type: image/png
status: 200
cache-control: max-age=604800
accept-ranges: bytes
content-length: 3009
expires: Fri, 05 Oct 2018 20:43:38 GMT

GET
H/1.1 200
OK jquery.js Show response
try.netwrix.com/assets/b9f87ff1/ 252 KB
92 KB 238ms
237ms Script
application/javascript 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/assets/b9f87ff1/jquery.js?v=1502282204
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 893e90f6230962e42231635df650f20544ad22affc3ee396df768eaa6bc5a6a2

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Aug 2017 12:36:44 GMT
Server: nginx/1.15.3
ETag: W/"598b01dc-3ee0f"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK bootstrap.js Show response
try.netwrix.com/assets/ecd82848/js/ 68 KB
19 KB 121ms
120ms Script
application/javascript 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/assets/ecd82848/js/bootstrap.js?v=1502282210
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 0abe8deb334de1ba743b04d0399e99eba336afed9da72fc4c0a302c99f9238c8

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Aug 2017 12:36:50 GMT
Server: nginx/1.15.3
ETag: W/"598b01e2-1104b"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK oneclick.js Show response
try.netwrix.com/assets/7c6af0b1/formhidden/js/ 720 B
818 B 118ms
118ms Script
application/javascript 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/assets/7c6af0b1/formhidden/js/oneclick.js?v=1537347299
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: adeec0de52a91b30c262de488eea4563e39d2c450f46649b9c1ebcd9b8fa6536

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 08:54:59 GMT
Server: nginx/1.15.3
ETag: W/"5ba20ee3-2d0"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK jquery.sumoselect.min.js Show response
try.netwrix.com/assets/7c6af0b1/formbasic/js/ 10 KB
4 KB 120ms
119ms Script
application/javascript 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/assets/7c6af0b1/formbasic/js/jquery.sumoselect.min.js?v=1537347296
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: e4e2bdd846c21ff3d12972c112880bf203ef396f61626e2a36ad225b9515c64b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 08:54:56 GMT
Server: nginx/1.15.3
ETag: W/"5ba20ee0-271e"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK yii.js Show response
try.netwrix.com/assets/b499fb76/ 19 KB
7 KB 120ms
119ms Script
application/javascript 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/assets/b499fb76/yii.js?v=1513173702
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: ef85329fcf6feeadff288ad564bbd1ddc8600784a819b2b87d5ab7ae3b3fcf39

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Dec 2017 14:01:42 GMT
Server: nginx/1.15.3
ETag: W/"5a3132c6-4da5"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK yii.validation.js Show response
try.netwrix.com/assets/b499fb76/ 15 KB
4 KB 120ms
119ms Script
application/javascript 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/assets/b499fb76/yii.validation.js?v=1513173702
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 45f7bdbd87e76c495b9fe3c89a981837c523bb35e506cd66ffcd1500070054fb

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Dec 2017 14:01:42 GMT
Server: nginx/1.15.3
ETag: W/"5a3132c6-3c8e"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK yii.activeForm.js Show response
try.netwrix.com/assets/b499fb76/ 31 KB
8 KB 119ms
119ms Script
application/javascript 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/assets/b499fb76/yii.activeForm.js?v=1513173702
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 0884d45d453ab37eaae7b9da4d24d091b5afbe6501b726da381e7bf3240ce97d

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Dec 2017 14:01:42 GMT
Server: nginx/1.15.3
ETag: W/"5a3132c6-7df8"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK viewporttempfix.js Show response
try.netwrix.com/assets/de0a91d2/responsive/js/ 380 B
694 B 119ms
118ms Script
application/javascript 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to

Full URL: https://try.netwrix.com/assets/de0a91d2/responsive/js/viewporttempfix.js?v=1537347261
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 2b20bde6d5ca9d842bf4926eeba096fabef36b8c86ecfd241ff59d40d715b677

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D; _ga=GA1.2.1684162588.1538167419; _gid=GA1.2.39533434.1538167419; _gat=1; _ga=GA1.3.1684162588.1538167419; _gid=GA1.3.39533434.1538167419; _gat_UA-2538779-16=1
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 Sep 2018 08:54:21 GMT
Server: nginx/1.15.3
ETag: W/"5ba20ebd-17c"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive

GET
S 200 analytics.js Show response
www.google-analytics.com/ 39 KB
16 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81d::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81d::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

ed17a6e7532cc3065f9fbd8f607dfd30e09b4531ada9f7cb5732a2bf6cf6744c

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Sep 2018 23:12:19 GMT
server: Golfe2
age: 4536
date: Fri, 28 Sep 2018 19:28:03 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 16173
expires: Fri, 28 Sep 2018 21:28:03 GMT

GET
S 200 gtm.js Show response
www.googletagmanager.com/ 105 KB
34 KB 59ms
59ms Script
application/javascript 2a00:1450:4001:816::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-W3QS84

Requested by

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:816::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

e5c0b07b943a410e7394ec5baf67110f706f81b69481ebd3c7881e920bceda1a

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:39 GMT
content-encoding: gzip
server: Google Tag Manager (scaffolding)
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 34242
x-xss-protection: 1; mode=block
expires: Fri, 28 Sep 2018 20:43:39 GMT

GET
H/1.1 200
OK Russel_McDermott_round.png
try.netwrix.com/images/uploads/ 74 KB
75 KB 236ms
235ms Image
image/png 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://try.netwrix.com/images/uploads/Russel_McDermott_round.png
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: f463ac4b10148d7c9a02da74f322a300d920967201ff6d043e046b6f4f5db932

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D; _ga=GA1.2.1684162588.1538167419; _gid=GA1.2.39533434.1538167419; _gat=1; _ga=GA1.3.1684162588.1538167419; _gid=GA1.3.39533434.1538167419; _gat_UA-2538779-16=1
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Last-Modified: Thu, 01 Feb 2018 11:20:13 GMT
Server: nginx/1.15.3
ETag: "5a72f7ed-12931"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 76081

GET
H/1.1 200
OK liam-cleary.png
try.netwrix.com/images/uploads/ 4 KB
4 KB 119ms
118ms Image
image/png 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://try.netwrix.com/images/uploads/liam-cleary.png
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 31bb98a4f8111eb52651252d6709b821207d1e968b8356f0e5d5b9983ff64217

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D; _ga=GA1.2.1684162588.1538167419; _gid=GA1.2.39533434.1538167419; _gat=1; _ga=GA1.3.1684162588.1538167419; _gid=GA1.3.39533434.1538167419; _gat_UA-2538779-16=1
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Last-Modified: Thu, 02 Aug 2018 11:54:39 GMT
Server: nginx/1.15.3
ETag: "5b62f0ff-102d"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4141

GET
H/1.1 200
OK webinar_ico_3.png
try.netwrix.com/images/uploads/ 1 KB
1 KB 208ms
118ms Image
image/png 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://try.netwrix.com/images/uploads/webinar_ico_3.png
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 63a05428d8e7957853c4f866b9e02e273fa1af47466acdd84053f53ea4d1fe85

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Last-Modified: Fri, 27 Jul 2018 11:41:23 GMT
Server: nginx/1.15.3
ETag: "5b5b04e3-436"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1078

GET
H/1.1 200
OK conversation_ico.png
try.netwrix.com/images/uploads/ 808 B
1 KB 208ms
118ms Image
image/png 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://try.netwrix.com/images/uploads/conversation_ico.png
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: c85b60183eda0baa608a324aa92163d6494aa73152de1b05bf0acc31877c2444

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Last-Modified: Mon, 30 Jul 2018 15:28:25 GMT
Server: nginx/1.15.3
ETag: "5b5f2e99-328"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 808

GET
H/1.1 200
OK Security_analyst.png
try.netwrix.com/images/uploads/ 2 KB
3 KB 208ms
118ms Image
image/png 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://try.netwrix.com/images/uploads/Security_analyst.png
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 527e5d6a610743f8447589d600b3d2b27ab756dc94cdfa91e0fb9d4be8085007

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Last-Modified: Wed, 30 May 2018 12:11:39 GMT
Server: nginx/1.15.3
ETag: "5b0e94fb-8de"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2270

GET
H/1.1 200
OK iStock-817486028.jpg
try.netwrix.com/images/uploads/ 600 KB
601 KB 323ms
235ms Image
image/jpeg 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://try.netwrix.com/images/uploads/iStock-817486028.jpg
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 254fd3624ce7ab4efd2a0ceedcb54abdb9f5b42af7c7f5a048102430e05633e6

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Last-Modified: Thu, 02 Aug 2018 10:15:29 GMT
Server: nginx/1.15.3
ETag: "5b62d9c1-96150"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 614736

GET
H/1.1 200
OK tel.png
try.netwrix.com/images/uploads/ 262 B
709 B 320ms
117ms Image
image/png 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://try.netwrix.com/images/uploads/tel.png
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 64d60214674f2d4c9bc4599f8993c5bf74a6284103fc8729eb2d71241fc74b1e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Last-Modified: Thu, 22 Feb 2018 13:16:53 GMT
Server: nginx/1.15.3
ETag: "5a8ec2c5-106"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 262

GET
H/1.1 200
OK netwrix-logo-no-tagline@2x.png
try.netwrix.com/images/uploads/ 3 KB
3 KB 212ms
118ms Image
image/png 162.213.14.138
Metro Data Center...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://try.netwrix.com/images/uploads/netwrix-logo-no-tagline@2x.png
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.213.14.138 Powell, United States, ASN54676 (MDC-AS01 - Metro Data Center LLC, US),
Reverse DNS: 162-213-14-138.Static-14.MetroDataCenter.COM
Software: nginx/1.15.3 /
Resource Hash: 43d24cefb122dc34e2b1b4305b0eadbc3d7e55b37bef2ba9e8b0e2d277aa67bb

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Cookie: nwf_cid=7010g000001Ybbk; nwf_spot_id=txt-url-1; utm_source=email; utm_medium=featured-webinar; _csrf-frontend=9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
Connection: keep-alive
Cache-Control: no-cache
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:38 GMT
Last-Modified: Thu, 01 Feb 2018 15:56:59 GMT
Server: nginx/1.15.3
ETag: "5a7338cb-bc1"
Content-Security-Policy-Report-Only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3009

GET
S 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81d::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400i,600,600i,700&subset=cyrillic,cyrillic-ext
Origin: https://try.netwrix.com

Response headers

date: Mon, 24 Sep 2018 14:16:27 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:46 GMT
server: sffe
age: 368832
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 8892
x-xss-protection: 1; mode=block
expires: Tue, 24 Sep 2019 14:16:27 GMT

GET
S 200 mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2

Requested by

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81d::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

50dda9aac0fcea362bdda27ae7833240485ad5a20ccc105c1cd13ea26802a8bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400i,600,600i,700&subset=cyrillic,cyrillic-ext
Origin: https://try.netwrix.com

Response headers

date: Mon, 24 Sep 2018 14:16:29 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:48 GMT
server: sffe
age: 368830
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 8916
x-xss-protection: 1; mode=block
expires: Tue, 24 Sep 2019 14:16:29 GMT

GET
S 200 mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2

Requested by

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81d::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

35a21333c81302e934ee42b7b85b2c6a731bfffb418fe52fe795cb1974186976

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400i,600,600i,700&subset=cyrillic,cyrillic-ext
Origin: https://try.netwrix.com

Response headers

date: Mon, 24 Sep 2018 14:16:29 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:38 GMT
server: sffe
age: 368830
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 8732
x-xss-protection: 1; mode=block
expires: Tue, 24 Sep 2019 14:16:29 GMT

GET
S 200 js Show response
www.google-analytics.com/gtm/ 55 KB
21 KB 19ms
19ms Script
application/javascript 2a00:1450:4001:81d::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-5DPZF9N&cid=1684162588.1538167419

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81d::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

df095c8334d82adb26e2a667edc85e8c9289064b19ad0e2130bd8fefb2bdd1c0

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:39 GMT
content-encoding: gzip
server: Google Tag Manager (scaffolding)
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 21825
x-xss-protection: 1; mode=block
expires: Fri, 28 Sep 2018 20:43:39 GMT

GET
S 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 21 KB
8 KB 15ms
15ms Script
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W3QS84

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.217.22.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

86c08461d833a15b8629c0a69f5e4596cec928386cb21f999dcdb6673179feed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 8198
x-xss-protection: 1; mode=block
server: cafe
etag: 5504586355873633278
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 28 Sep 2018 20:43:39 GMT

GET
H/1.1 200
OK insight.min.js Show response
sjs.bizographics.com/ 13 KB
4 KB 7ms
7ms Script
application/x-javascript 2a02:26f0:f1:28a::3adf
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sjs.bizographics.com/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W3QS84
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:f1:28a::3adf , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 0e61af2bfebca120ae344dc48386bbd2b6d24486524cf98ed55327b084bf1702

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:39 GMT
Content-Encoding: gzip
Last-Modified: Mon, 06 Aug 2018 22:17:52 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=67229
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4105

GET
S 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 25ms
6ms Script
application/javascript 104.244.43.176
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W3QS84
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.43.176 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:39 GMT
content-encoding: gzip
age: 74658
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-tw-fra1-cr1-20-TWFRA1
last-modified: Tue, 23 Jan 2018 19:05:33 GMT
x-timer: S1538167419.398961,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
S 200 analytics.js Show response
www.google-analytics.com/ 39 KB
16 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81d::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W3QS84

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81d::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

ed17a6e7532cc3065f9fbd8f607dfd30e09b4531ada9f7cb5732a2bf6cf6744c

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Sep 2018 23:12:19 GMT
server: Golfe2
age: 4536
date: Fri, 28 Sep 2018 19:28:03 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 16173
expires: Fri, 28 Sep 2018 21:28:03 GMT

GET
S 200 qevents.js Show response
a.quora.com/ 17 KB
6 KB 185ms
69ms Script
text/plain 151.101.133.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://a.quora.com/qevents.js
Requested by: Host: go.netwrix.com
URL: http://go.netwrix.com/dc/B7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA==/E1x0M0B4AgC0Q0oN0T0jd0h
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.133.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3f37d74095d27ff0f96a5db6eb5136c477109a18e09d9dc6b94bd9cb5f45fba2

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: YCV7VuLi1FWNdCoW3lEJrFWrz1GWe8vX
content-encoding: gzip
etag: "ff1694b5052cad982a64fab43387cf6d"
age: 5689
x-cache: HIT
status: 200
content-length: 5544
x-amz-id-2: pux8vPUKwlTIicLeXJmhJELNA+qMPtetHPq6hnStxwgaH2RZgJfm76IIch8BeCD0StInxOi53Iw=
x-served-by: cache-mad9444-MAD
last-modified: Thu, 17 May 2018 01:54:45 GMT
server: AmazonS3
x-timer: S1538167420.535719,VS0,VE0
date: Fri, 28 Sep 2018 20:43:39 GMT
vary: Accept-Encoding
x-amz-request-id: 7DF5E0AD67D8E362
via: 1.1 varnish
cache-control: max-age=7200
accept-ranges: bytes
content-type: text/plain; charset=us-ascii
x-cache-hits: 2882

GET
S 200 stat.js Show response
www.clickcease.com/monitor/ 171 KB
51 KB 186ms
18ms Script
application/javascript 2400:cb00:2048:1::6819:5c6e
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clickcease.com/monitor/stat.js
Requested by: Host: go.netwrix.com
URL: http://go.netwrix.com/dc/B7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA==/E1x0M0B4AgC0Q0oN0T0jd0h
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2400:cb00:2048:1::6819:5c6e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a100b0f6f3c67ffb76a8ff2947aaabc20f0c4d90719bebf50c80f2fd80f3507

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:39 GMT
content-encoding: gzip
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
etag: W/"2ae09-5706659536c33"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=604800
cf-polished: origSize=175625
last-modified: Sat, 07 Jul 2018 10:36:11 GMT
cf-ray: 46190b2439a3275c-FRA
expires: Fri, 05 Oct 2018 20:43:39 GMT

GET
S 200 ytc.js Show response
s.yimg.com/wi/ 15 KB
4 KB 47ms
47ms Script
application/javascript 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Host: go.netwrix.com
URL: http://go.netwrix.com/dc/B7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA==/E1x0M0B4AgC0Q0oN0T0jd0h

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, DE),

Reverse DNS

Software

ATS /

Resource Hash

bd999047408eaf20ae15ab916d344330d118fa72b0703fa1784deb648d36bb7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
status: 200
strict-transport-security: max-age=15552000
content-length: 4111
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 28 Sep 2018 20:14:56 GMT
server: ATS
x-frame-options: DENY
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Accept-Encoding
content-type: application/javascript
via: http/1.1 spdc0040.pbp.ir2.yahoo.com (ApacheTrafficServer), https/1.1 e20.ycpi.deb.yahoo.com (ApacheTrafficServer [cMsSf ])
public-key-pins-report-only: max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"
accept-ranges: bytes

GET
S 200 px.js Show response
px.spiceworks.com/ 22 KB
7 KB 57ms
31ms Script
text/javascript 45.60.13.212
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://px.spiceworks.com/px.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W3QS84
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 45.60.13.212 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: ef5164ac5e5a0c77638ee20cbd7f84d14309da82c25341df68a6a146a7885303

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
x-iinfo: 5-66497962-66493360 PNNN RT(1538167418981 0) q(0 0 0 0) r(1 1) U5
date: Fri, 28 Sep 2018 20:43:39 GMT
content-encoding: gzip
x-cdn: Incapsula
content-type: text/javascript

GET
S

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j69&a=750257376&t=pageview&_s=1&dl=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2538779-12&cid=1684162588.1538167419&jid=397205802&_gid=39533434.1538167419&gjid=1553255405&_v=j69&z=778095152
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2538779-12&cid=1684162588.1538167419&jid=397205802&_v=j69&z=778095152
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2538779-12&cid=1684162588.1538167419&jid=397205802&_v=j69&z=778095152&slf_rd=1&random=2487381343

42 B
109 B

18ms
18ms

Image
image/gif

2a00:1450:4001:815::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2538779-12&cid=1684162588.1538167419&jid=397205802&_v=j69&z=778095152&slf_rd=1&random=2487381343

Requested by

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:815::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Sep 2018 20:43:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Sep 2018 20:43:39 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2538779-12&cid=1684162588.1538167419&jid=397205802&_v=j69&z=778095152&slf_rd=1&random=2487381343
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j69&a=750257376&t=pageview&_s=1&dl=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2538779-16&cid=1684162588.1538167419&jid=1108098052&_gid=39533434.1538167419&gjid=1400963095&_v=j69&z=467835755
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2538779-16&cid=1684162588.1538167419&jid=1108098052&_v=j69&z=467835755
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2538779-16&cid=1684162588.1538167419&jid=1108098052&_v=j69&z=467835755&slf_rd=1&random=3071665362

42 B
109 B

17ms
17ms

Image
image/gif

2a00:1450:4001:815::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2538779-16&cid=1684162588.1538167419&jid=1108098052&_v=j69&z=467835755&slf_rd=1&random=3071665362

Requested by

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:815::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Sep 2018 20:43:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Sep 2018 20:43:39 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2538779-16&cid=1684162588.1538167419&jid=1108098052&_v=j69&z=467835755&slf_rd=1&random=3071665362
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1065651091/ 4 KB
2 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:80b::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1065651091/?random=1538167419420&cv=9&fst=1538167419420&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=G9o&sendb=1&frm=0&url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VR&ref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkz&tiba=A%20Hacker%20Explains%3A%20How%20Attackers%20Exploit%20Office%20365%20Vulnerabilities&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:80b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

bf131db78740431bc075f3dbec1dac6876fbb2c19e8345a27decf90d44561980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Sep 2018 20:43:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1806
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 adsct
t.co/i/ 43 B
426 B 112ms
112ms Image
image/gif 104.244.42.69
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nvqhc&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 106
pragma: no-cache
last-modified: Fri, 28 Sep 2018 20:43:39 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 0f280afa5210d193b54c92824d5da058
x-transaction: 008d6323007999a1
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
S 204 sp.pl Show response
sp.analytics.yahoo.com/ 0
53 B 34ms
34ms Script
text/plain 188.125.66.33
YAHOO-IRD

General

Check archive.org

Show headers Download Go to

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=10000&jsonp=YAHOO.ywa.I13N.handleJSONResponse&d=Fri%2C%2028%20Sep%202018%2020%3A43%3A39%20GMT&n=0&b=A%20Hacker%20Explains%3A%20How%20Attackers%20Exploit%20Office%20365%20Vulnerabilities&.yp=10054157&f=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&e=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&enc=UTF-8

Requested by

Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

188.125.66.33 , Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:39 GMT
via: http/1.1 spdc0034.pbp.ir2.yahoo.com (ApacheTrafficServer)
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
public-key-pins-report-only: max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A="; pin-sha256="i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc="; includeSubdomains; report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-hpkp-report-only"
status: 204
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
x-content-type-options: nosniff

GET
S 200 /
www.google.com/pagead/1p-user-list/1065651091/ 42 B
113 B 23ms
22ms Image
image/gif 2a00:1450:4001:815::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1065651091/?random=1538167419420&cv=9&fst=1538164800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=G9o&sendb=1&frm=0&url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VR&ref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkz&tiba=A%20Hacker%20Explains%3A%20How%20Attackers%20Exploit%20Office%20365%20Vulnerabilities&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=2187581620&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:815::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Sep 2018 20:43:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 /
www.google.de/pagead/1p-user-list/1065651091/ 42 B
109 B 27ms
26ms Image
image/gif 2a00:1450:4001:815::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1065651091/?random=1538167419420&cv=9&fst=1538164800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=G9o&sendb=1&frm=0&url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VR&ref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkz&tiba=A%20Hacker%20Explains%3A%20How%20Attackers%20Exploit%20Office%20365%20Vulnerabilities&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=2187581620&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:815::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Sep 2018 20:43:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 5iig
px.spiceworks.com/px/ 42 B
264 B 38ms
38ms Image
image/gif 45.60.13.212
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.spiceworks.com/px/5iig?buster=77275&pxref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&_fpv=2.4&_fpt=3&_fp2=866036f769d411d6d1df14d81864b646
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 45.60.13.212 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
x-iinfo: 5-66497979-66493360 PNNN RT(1538167419043 0) q(0 0 0 -1) r(0 0) U5
date: Fri, 28 Sep 2018 20:43:39 GMT
x-cdn: Incapsula
content-length: 42
content-type: image/gif

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/a2b5f2f055f544cabba15e76e9f2379c/ 43 B
312 B 465ms
104ms Image
image/gif 35.172.77.143
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://q.quora.com/_/ad/a2b5f2f055f544cabba15e76e9f2379c/pixel?j=1&u=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&tag=ViewContent&ts=1538167419572
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.172.77.143 Seattle, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-35-172-77-143.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:39 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

OPTIONS
H/1.1 200
OK stats Show response
monitor.clickcease.com/monitor/api/ 0
347 B 466ms
92ms XHR
text/plain 40.87.71.55
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://monitor.clickcease.com/monitor/api/stats
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 40.87.71.55 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: https://try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

Date: Fri, 28 Sep 2018 20:43:40 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Allow: OPTIONS, TRACE, GET, HEAD, POST
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,PATCH,OPTIONS
Access-Control-Allow-Origin: *
Public: OPTIONS, TRACE, GET, HEAD, POST
Access-Control-Allow-Headers: Content-Type
Content-Length: 0

GET
S

200

/ Show response
px.ads.linkedin.com/collect/
Redirect Chain

https://px.ads.linkedin.com/collect/?time=1538167419669&pid=79820&url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07B...
https://px.ads.linkedin.com/collect/?time=1538167419669&pid=79820&url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07B...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1538167419669%26pid%3D79820%26url%3Dhttps%253A%252F%252Ftry.netwrix.com%252Fhow_attackers_exploi...
https://px.ads.linkedin.com/collect/?time=1538167419669&pid=79820&url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07B...

0
110 B

114ms
113ms

Script
application/javascript

2a05:f500:10:101::b93f:9105
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/collect/?time=1538167419669&pid=79820&url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&pageUrl=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&ref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&fmt=js&s=1&cookiesTest=true&liSync=true
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:40 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 20
x-li-uuid: aLnFch6rWBVgXHRC8yoAAA==

Redirect headers

date: Fri, 28 Sep 2018 20:43:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
vary: Accept-Encoding
content-length: 20
x-li-uuid: dbDsax6rWBUgKtLcdysAAA==
server: Play
pragma: no-cache
x-li-pop: prod-efr5
x-frame-options: sameorigin
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect/?time=1538167419669&pid=79820&url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&pageUrl=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&ref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&fmt=js&s=1&cookiesTest=true&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
S 200 adsct Show response
analytics.twitter.com/i/ 31 B
660 B 174ms
158ms Script
application/javascript 104.244.42.67
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nvqhc&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.67 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 1; mode=block; report=https://twitter.com/i/xss_report
x-response-time: 149
pragma: no-cache
last-modified: Fri, 28 Sep 2018 20:43:39 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d809516c3f9c250d937d3b0533ed12eb
x-transaction: 00c58660006a38dc
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
S 200 8f0a0db9.min.js Show response
tag.demandbase.com/ 55 KB
15 KB 41ms
13ms Script
application/javascript 54.230.95.126
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/8f0a0db9.min.js
Requested by: Host: go.netwrix.com
URL: http://go.netwrix.com/dc/B7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA==/E1x0M0B4AgC0Q0oN0T0jd0h
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.230.95.126 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-54-230-95-126.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7c50d3bfbb1bd186261e5550fa2a2bd061ef2e5d9265103a5f0fe54dd3d73745

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 20 Sep 2018 04:52:50 GMT
content-encoding: gzip
last-modified: Thu, 20 Sep 2018 04:05:26 GMT
server: AmazonS3
age: 2332
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: FeoF.p3xWWp5V7iVuZkQP8PYmjGisRAg
status: 200
cache-control: public, max-age=3600
content-type: application/javascript
x-amz-cf-id: Roo0ZkgIjoo4dRPOXwTt_jYozl6TJnUHdhDIt-kfcFnkbfuqUr5kmw==
via: 1.1 e621b964f8c348548e0b42950cc55248.cloudfront.net (CloudFront)

GET
S 200 bat.js Show response
bat.bing.com/ 22 KB
7 KB 31ms
30ms Script
application/javascript 204.79.197.200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: go.netwrix.com
URL: http://go.netwrix.com/dc/B7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA==/E1x0M0B4AgC0Q0oN0T0jd0h
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.79.197.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS: a-0001.a-msedge.net
Software: /
Resource Hash: 3a9b1aaf047d7ab5119bb338a86bee9788c4e79392d4abb12408d62bec6e86fb

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:39 GMT
content-encoding: gzip
last-modified: Thu, 26 Jul 2018 13:15:21 GMT
x-msedge-ref: Ref A: 8FC92A3AC50F47E4B6312B24555581D4 Ref B: FRAEDGE0213 Ref C: 2018-09-28T20:43:39Z
status: 200
etag: "80ba7eb4e224d41:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7020

GET
S 200 fbevents.js Show response
connect.facebook.net/en_US/ 45 KB
14 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

5e4fb5563218c9d2c6548a50764e052853fe611f3bd3e9e6b353c079a16b618f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 14117
x-xss-protection: 0
pragma: public
x-fb-debug: Va0zGvw23jClsS3BX564Edy4fJ9AZPf9z1jglKN+jel6kQVFQrpLoyBtqB4YBB92JhVsR57wV/brzQ8il8NMtg==
x-frame-options: DENY
date: Fri, 28 Sep 2018 20:43:39 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK watch.js Show response
mc.yandex.ru/metrika/ 124 KB
42 KB 50ms
25ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/watch.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.12.2 /

Resource Hash

b90f2e7392bb93e6873953c0101ae514b1ae392ec3a8144cbd25029d056afae9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:39 GMT
Content-Encoding: gzip
Last-Modified: Fri, 14 Sep 2018 14:26:36 GMT
Server: nginx/1.12.2
ETag: "5b9bc51c-a769"
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Content-Length: 42857
Expires: Fri, 28 Sep 2018 21:43:39 GMT

GET
S 200 806225786101261 Show response
connect.facebook.net/signals/config/ 87 KB
17 KB 36ms
35ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/806225786101261?v=2.8.30&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

a4bddbb1c0967cc1fa9e1692cee9a2d4106a8f43109a55624c6ef45a34f94260

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
x-xss-protection: 0
pragma: public
x-fb-debug: vPNyiopiyVcW2Z/hZSh32ibjyg5DCr1NX8oxKoPSTqYN4NCMCKlPFTOmoFsd3sI3/8z1EM4q6ipFgmMW91E0Vw==
x-frame-options: DENY
date: Fri, 28 Sep 2018 20:43:39 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 204 0
bat.bing.com/action/ 0
93 B 32ms
31ms Image
text/plain 204.79.197.200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=4005993&Ver=2&mid=c432be52-21d8-3b83-c100-0d23d6ac8ac7&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=A%20Hacker%20Explains%3A%20How%20Attackers%20Exploit%20Office%20365%20Vulnerabilities&r=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&p=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&lt=1886&evt=pageLoad&msclkid=N&rn=76231
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.79.197.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS: a-0001.a-msedge.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Fri, 28 Sep 2018 20:43:39 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 794DFE3505714648A20CC483F685EB7D Ref B: FRAEDGE0213 Ref C: 2018-09-28T20:43:39Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
S 200 ip.json Show response
api.company-target.com/api/v2/ 432 B
913 B 93ms
56ms XHR
application/json 54.230.95.191
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&page=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&page_title=A%20Hacker%20Explains%3A%20How%20Attackers%20Exploit%20Office%20365%20Vulnerabilities&key=d130ca0df2048accf715ab3695c9135e&src=tag
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.230.95.191 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-54-230-95-191.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 8b388e71fba9746bce7ecc956db8da1359294d02bcce2d09314ce7b0ccf053f7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Origin: https://try.netwrix.com

Response headers

date: Fri, 28 Sep 2018 20:43:39 GMT
content-encoding: gzip
access-control-allow-origin: https://try.netwrix.com
x-cache: Miss from cloudfront
status: 200
access-control-max-age: 1728000
request-id: dd8b79c9-cfbb-4011-a8ed-3108b2c2afbd
content-length: 242
pragma: no-cache
server: nginx
vary: Accept-Encoding, Origin
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 9f37c8b999ae2d6018396fda48773445.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: NFqX1oOjQ2Qc9a9_Hwo-UB3BCAcTaOteEkCDGacdX0gEO96wsA2IuA==
expires: Thu, 27 Sep 2018 20:43:39 GMT

GET
S

200

pixel
d.company-target.com/ul_cb/
Redirect Chain

https://d.company-target.com/pixel?type=js&id=15168414648798&page=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a...
https://d.company-target.com/ul_cb/pixel?type=js&id=15168414648798&page=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw0...

283 B
283 B

16ms
15ms

Image
text/javascript

35.190.27.37
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.company-target.com/ul_cb/pixel?type=js&id=15168414648798&page=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.27.37 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 37.27.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:39 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
alt-svc: clear
content-length: 283

Redirect headers

date: Fri, 28 Sep 2018 20:43:39 GMT
via: 1.1 google
status: 302
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://d.company-target.com/ul_cb/pixel?type=js&id=15168414648798&page=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0

GET
S

200

pixel
d.company-target.com/ul_cb/
Redirect Chain

https://d.company-target.com/pixel?type=js&id=15168414642038&page=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a...
https://d.company-target.com/ul_cb/pixel?type=js&id=15168414642038&page=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw0...

283 B
283 B

21ms
20ms

Image
text/javascript

35.190.27.37
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.company-target.com/ul_cb/pixel?type=js&id=15168414642038&page=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.27.37 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 37.27.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:39 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
alt-svc: clear
content-length: 283

Redirect headers

date: Fri, 28 Sep 2018 20:43:39 GMT
via: 1.1 google
status: 302
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://d.company-target.com/ul_cb/pixel?type=js&id=15168414642038&page=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0

GET
H/1.1

200
OK

log
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AAG_EU63XSUAACs8gS1FRg

26 B
483 B

121ms
96ms

Image
image/gif

54.230.95.107
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/log?vendor=choca&user_id=AAG_EU63XSUAACs8gS1FRg
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.230.95.107 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-54-230-95-107.fra2.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:39 GMT
Via: 1.1 4a501584e3a3223a6a87ec2ecbfb889c.cloudfront.net (CloudFront)
Connection: keep-alive
Content-Length: 26
X-Amz-Cf-Id: Jn6bX4VLq6TKu1tIiEeLazHXdIi07WHQigxvqO1za-xkF39--jbpBQ==
X-Cache: Miss from cloudfront
Content-Type: image/gif

Redirect headers

location: https://segments.company-target.com/log?vendor=choca&user_id=AAG_EU63XSUAACs8gS1FRg
Date: Fri, 28 Sep 2018 20:43:39 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

wtk
segments.company-target.com/
Redirect Chain

https://id.rlcdn.com/464526.gif
https://id.rlcdn.com/464526.gif?redirect=1
https://segments.company-target.com/wtk?vendor=liveramp&lrid=Xc12973ZHQEsh49k0HgWuQlHDqzz9rYgBGckmQc_NhWzCEwsI

26 B
324 B

184ms
183ms

Image
image/gif

54.230.95.107
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/wtk?vendor=liveramp&lrid=Xc12973ZHQEsh49k0HgWuQlHDqzz9rYgBGckmQc_NhWzCEwsI
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.230.95.107 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-54-230-95-107.fra2.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:40 GMT
Via: 1.1 4a501584e3a3223a6a87ec2ecbfb889c.cloudfront.net (CloudFront)
Connection: keep-alive
Content-Length: 26
X-Amz-Cf-Id: o_UIkDJtmwf5Czw7PgIdLR9BlQ7CrtNQC3yn4IqxF3rRtMR5Yk9_kw==
X-Cache: Miss from cloudfront
Content-Type: image/gif

Redirect headers

Location: https://segments.company-target.com/wtk?vendor=liveramp&lrid=Xc12973ZHQEsh49k0HgWuQlHDqzz9rYgBGckmQc_NhWzCEwsI
P3P: CP: "NON DSP COR PSDo SAMo BUS IND UNI COM NAV INT POL PRE"
status: 302
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: image/gif; charset=ISO-8859-1
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
S 200 /
www.facebook.com/tr/ 44 B
247 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=806225786101261&ev=PageView&dl=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&rl=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&if=false&ts=1538167419754&sw=1600&sh=1200&v=2.8.30&r=stable&ec=0&o=28&it=1538167419709&coo=false
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:39 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Fri, 28 Sep 2018 20:43:39 GMT

GET
H/1.1

302
Found

1 Show response
mc.yandex.ru/watch/31488613/
Redirect Chain

https://mc.yandex.ru/watch/31488613?wmode=7&page-ref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8x...
https://mc.yandex.ru/watch/31488613/1?wmode=7&page-ref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t...

0
-1 B

14ms
13ms

XHR

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/31488613/1?wmode=7&page-ref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&page-url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&charset=utf-8&browser-info=ti%3A10%3Ans%3A1538167417793%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1185%3Ai%3A20180928204339%3Aet%3A1538167420%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A167980174%3Ahid%3A575837314%3Ads%3A169%2C241%2C360%2C7%2C346%2C0%2C0%2C746%2C11%2C%2C%2C%2C1875%3Afp%3A1634%3Awn%3A16127%3Ahl%3A2%3Agdpr%3A14%3Av%3A1227%3Ast%3A1538167420%3Au%3A1538167420759870259%3At%3AA%20Hacker%20Explains%3A%20How%20Attackers%20Exploit%20Office%20365%20Vulnerabilities

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.12.2 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 28 Sep 2018 20:43:39 GMT
Last-Modified: Fri, 28 Sep 2018 20:43:39 GMT
Server: nginx/1.12.2
Location: https://mc.yandex.ru/watch/31488613/1?wmode=7&page-ref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&page-url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&charset=utf-8&browser-info=ti%3A10%3Ans%3A1538167417793%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1185%3Ai%3A20180928204339%3Aet%3A1538167420%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A167980174%3Ahid%3A575837314%3Ads%3A169%2C241%2C360%2C7%2C346%2C0%2C0%2C746%2C11%2C%2C%2C%2C1875%3Afp%3A1634%3Awn%3A16127%3Ahl%3A2%3Agdpr%3A14%3Av%3A1227%3Ast%3A1538167420%3Au%3A1538167420759870259%3At%3AA%20Hacker%20Explains%3A%20How%20Attackers%20Exploit%20Office%20365%20Vulnerabilities
Strict-Transport-Security: max-age=31536000
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Origin: https://try.netwrix.com
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Fri, 28 Sep 2018 20:43:39 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 28 Sep 2018 20:43:39 GMT
Last-Modified: Fri, 28 Sep 2018 20:43:39 GMT
Server: nginx/1.12.2
Location: https://mc.yandex.ru/watch/31488613/1?wmode=7&page-ref=http%3A%2F%2Fgo.netwrix.com%2Fdc%2FB7giRUUoVYcZ6EL78QQqcbj_76JXZFSKDuoZma7FLB29E4gZnr-ZPoto6dteO5PaJzDy7-KmucqMO6fRP67Np1-AR4FnKee1mpQptatnp9t8xoGP22lRAUM53idzo9VsmDlSXZhOfNfsUC-FrSSY0rm_W8vxe8yTI0-aU70p31gGDc3SbkkEpMavXt0sIhVFDYeI7Sax7vFhWjbThZWLGXu9aBFszLle31dH12OfVjkeXn43OKPBBnwx6iMrbWExa-1r62Q_nYV2ALJ00uawy-s3ehLRbs2iz-ntzKt0WCfJ_ajb9TD01ZY26lSwG2Kc2Mc9KvsqLpN2yX8_MUXo06TF18s7O9DlA7GBuMFuPGMrfAxqGUSmUfevkSdjhA1MmE1I7S7J7Qy5Q1GazVzZmEcVkJzg12QP0K32c_En61R67HvIkS9YivLvPzSPP4XOM7URO_e2yQYmKmlCxH8lV-7vVXzHVZXvT03GZkzCDBm9C6P8hdrrPmFFFGuYwUnWdcQvafcwWjtmMPQOrgwzLoiGZCcstU2QTbBSfSiGSgBGhKxP1h1JfW0JpWE97o0GpvkE2hL5nOFNy6UYHUk2nA%3D%3D%2FE1x0M0B4AgC0Q0oN0T0jd0h&page-url=https%3A%2F%2Ftry.netwrix.com%2Fhow_attackers_exploit_office_365_vulnerabilities_nemea%3FencQryStr%3D3YXxjMR7wxW2S%25252BiRw07BwD1a%25252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%25252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%25252FMbaQ8Pg5sUJcVLJQ%25253D%25253D%26iv%3D2kVoBhHgvgHDQgZO5ZPPFg%25253D%25253D%26cID%3D7010g000001Ybbk%26sID%3Dtxt-url-1%26mkt_tok%3DeyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%25253D%26utm_source%3Demail%26utm_medium%3Dfeatured-webinar%26utm_campaign%3Dnemea-20180927-hacker-explains-office-365-invitation-plaintext-B&charset=utf-8&browser-info=ti%3A10%3Ans%3A1538167417793%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1185%3Ai%3A20180928204339%3Aet%3A1538167420%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A167980174%3Ahid%3A575837314%3Ads%3A169%2C241%2C360%2C7%2C346%2C0%2C0%2C746%2C11%2C%2C%2C%2C1875%3Afp%3A1634%3Awn%3A16127%3Ahl%3A2%3Agdpr%3A14%3Av%3A1227%3Ast%3A1538167420%3Au%3A1538167420759870259%3At%3AA%20Hacker%20Explains%3A%20How%20Attackers%20Exploit%20Office%20365%20Vulnerabilities
Strict-Transport-Security: max-age=31536000
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Origin: https://try.netwrix.com
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Fri, 28 Sep 2018 20:43:39 GMT

GET
H/1.1 200
OK advert.gif
mc.yandex.ru/metrika/ 43 B
445 B 21ms
12ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.12.2 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 28 Sep 2018 20:43:39 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Oct 2015 13:09:09 GMT
Server: nginx/1.12.2
ETag: "561bb0f5-3d"
Strict-Transport-Security: max-age=31536000
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Content-Length: 61
Expires: Fri, 28 Sep 2018 21:43:39 GMT

GET
H/1.1 200
OK 1 Show response
mc.yandex.ru/watch/31488613/ 177 B
769 B 26ms
13ms XHR
application/json 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.12.2 /

Resource Hash

a6a26b85ffd64ea509e3a9664ad52f7baf5b551044aacff8398b16b53f070f63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Origin: https://try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Fri, 28 Sep 2018 20:43:39 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 28 Sep 2018 20:43:39 GMT
Server: nginx/1.12.2
Strict-Transport-Security: max-age=31536000
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Origin: https://try.netwrix.com
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 177
X-XSS-Protection: 1; mode=block
Expires: Fri, 28 Sep 2018 20:43:39 GMT

POST
H/1.1 200
OK stats Show response
monitor.clickcease.com/monitor/api/ 1 B
399 B 154ms
154ms XHR
application/json 40.87.71.55
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://monitor.clickcease.com/monitor/api/stats
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 40.87.71.55 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Origin: https://try.netwrix.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 28 Sep 2018 20:43:40 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,PATCH,OPTIONS
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Access-Control-Allow-Headers: Content-Type
Content-Length: 1
Expires: -1

POST
H2 200 /
www.facebook.com/tr/ Frame 5C4C 0
0 10ms
8ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to

Full URL: https://www.facebook.com/tr/
Requested by: Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash

Request headers

:method: POST
:authority: www.facebook.com
:scheme: https
:path: /tr/
content-length: 2358
pragma: no-cache
cache-control: no-cache
origin: https://try.netwrix.com
upgrade-insecure-requests: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
accept-encoding: gzip, deflate
cookie: fr=0QWHICEwjHWBiCVbW..BbrpJ7...1.0.BbrpJ7.
Origin: https://try.netwrix.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B

Response headers

status: 200
content-type: text/plain
content-length: 0
server: proxygen-bolt
date: Fri, 28 Sep 2018 20:43:40 GMT

GET
S 200 nr-1071.min.js Show response
js-agent.newrelic.com/ 23 KB
9 KB 56ms
55ms Script
application/javascript 151.101.134.110
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1071.min.js
Requested by: Host: try.netwrix.com
URL: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.134.110 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 56097e8b7ceb27db42a5e102af6d11dfdcaee13d8716477a8e242b4957d7a280

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Fri, 28 Sep 2018 20:43:40 GMT
content-encoding: gzip
x-amz-request-id: C9DA385D66DA1DB7
x-cache: HIT
status: 200
content-length: 9086
x-amz-id-2: PUTi6lKTEoUQTljsAXYpnYbXhJ10egFhE0dfYkOyDd3sqHXTfNuZv8m63mC0G8B+PZLeNvTjAsE=
x-served-by: cache-mad9424-MAD
last-modified: Wed, 28 Feb 2018 23:33:31 GMT
server: AmazonS3
x-timer: S1538167420.451881,VS0,VE0
etag: "a1a545c95f313a230157b47dca555c25"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 25385

GET
H/1.1 200
OK 51572a2fb7 Show response
bam.nr-data.net/1/ 57 B
261 B 108ms
108ms Script
text/javascript 162.247.242.21
New Relic

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/51572a2fb7?a=12273983&v=1071.385e752&to=ZwYEMEdZVkoCAUxbCl5MMxZcF1FXBwdAHBVYEw%3D%3D&rst=2704&ref=https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea&ap=120&be=1171&fe=2636&dc=1874&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1538167417793,%22n%22:0,%22f%22:346,%22dn%22:347,%22dne%22:516,%22c%22:516,%22s%22:633,%22ce%22:757,%22rq%22:757,%22rp%22:1117,%22rpe%22:1124,%22dl%22:1128,%22di%22:1874,%22ds%22:1875,%22de%22:1886,%22dc%22:2636,%22l%22:2636,%22le%22:2640%7D,%22navigation%22:%7B%7D%7D&at=S0EHRg9DRUQ%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1071.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.21 , United States, ASN23467 (NEWRELIC-AS-1 - New Relic, US),
Reverse DNS: bam-9.nr-data.net
Software: /
Resource Hash: f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

Request headers

Referer: https://try.netwrix.com/how_attackers_exploit_office_365_vulnerabilities_nemea?encQryStr=3YXxjMR7wxW2S%252BiRw07BwD1a%252BmL1vW9TjhzSRO6HBAX9Ncft9PpwnKteekLnh7yw80UFqd0K7DEOnc%252BAKjF1zt6BHjsDaQsPnPiLoG0hRWjwn%252FMbaQ8Pg5sUJcVLJQ%253D%253D&iv=2kVoBhHgvgHDQgZO5ZPPFg%253D%253D&cID=7010g000001Ybbk&sID=txt-url-1&mkt_tok=eyJpIjoiT0dOaU5qaGtOemM1TVdOaiIsInQiOiJTMlRJXC9sZlwvQlwvU0xtS05RdFk2SStBdGVLREtERFV5VWZOOFR5VG9CeFwvVlUzRmZFNEQ1OW82SXFPSmNjZ3dadFBQYmZNemJ2NlBWVytIbUlnbVB4KzRTRWk3d0NuR3ZVXC83SFdaTENkR1dGT1VRYnJDbUthM21TcGRwWlRraDRLIn0%253D&utm_source=email&utm_medium=featured-webinar&utm_campaign=nemea-20180927-hacker-explains-office-365-invitation-plaintext-B
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 57
Content-Type: text/javascript;charset=ISO-8859-1

Verdicts & Comments Add Verdict or Comment

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.netwrix.com/	1970-01-18 19:16:09	Name: _ym_visorc_31488613 Value: w
.netwrix.com/	1970-01-18 19:17:19	Name: _ym_isad Value: 2
.try.netwrix.com/	1970-01-18 19:17:33	Name: _gid Value: GA1.3.39533434.1538167419
.netwrix.com/	1970-01-18 19:26:12	Name: nwf_spot_id Value: txt-url-1
.netwrix.com/	1970-01-18 19:16:07	Name: _gat Value: 1
.netwrix.com/	1970-01-18 19:17:33	Name: _gid Value: GA1.2.39533434.1538167419
.netwrix.com/	1970-01-19 04:01:43	Name: _ym_uid Value: 1538167420759870259
.netwrix.com/	1970-01-19 12:47:19	Name: _ga Value: GA1.2.1684162588.1538167419
try.netwrix.com/	1969-12-31 23:59:59	Name: _csrf-frontend Value: 9306ec46cbe32d4d01a7f70f9988bac36f6d1f0a750d98900a23e8f56bb9629ca%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22cj0IcwapKJxTtGgzymcpJtxtsvuO8ed4%22%3B%7D
.netwrix.com/	1970-01-18 19:26:12	Name: utm_medium Value: featured-webinar
.netwrix.com/	1970-01-19 04:01:43	Name: _ym_d Value: 1538167420
.try.netwrix.com/	1970-01-18 19:16:07	Name: _gat_UA-2538779-16 Value: 1
.netwrix.com/	1970-01-18 19:26:12	Name: nwf_cid Value: 7010g000001Ybbk
.try.netwrix.com/	1970-01-19 12:47:19	Name: _ga Value: GA1.3.1684162588.1538167419
.netwrix.com/	1970-01-18 19:26:12	Name: utm_source Value: email

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.quora.com
analytics.twitter.com
api.company-target.com
bam.nr-data.net
bat.bing.com
connect.facebook.net
d.company-target.com
fonts.googleapis.com
fonts.gstatic.com
go.netwrix.com
googleads.g.doubleclick.net
id.rlcdn.com
img.netwrix.com
js-agent.newrelic.com
match.prod.bidr.io
mc.yandex.ru
monitor.clickcease.com
px.ads.linkedin.com
px.spiceworks.com
q.quora.com
s.yimg.com
segments.company-target.com
sjs.bizographics.com
sp.analytics.yahoo.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tag.demandbase.com
try.netwrix.com
www.clickcease.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.netwrix.com
104.244.42.67
104.244.42.69
104.244.43.176
108.161.188.153
151.101.133.2
151.101.134.110
162.213.14.138
162.247.242.21
172.217.22.66
18.233.2.137
188.125.66.33
199.15.213.48
204.79.197.200
2400:cb00:2048:1::6819:5c6e
2a00:1288:80:800::7001
2a00:1450:4001:80b::2002
2a00:1450:4001:815::2003
2a00:1450:4001:815::2004
2a00:1450:4001:816::2008
2a00:1450:4001:81d::2003
2a00:1450:4001:81d::200a
2a00:1450:4001:81d::200e
2a00:1450:400c:c00::9d
2a02:26f0:f1:28a::3adf
2a02:6b8::1:119
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:10:101::b93f:9101
2a05:f500:10:101::b93f:9105
35.172.77.143
35.190.27.37
40.87.71.55
45.60.13.212
52.214.113.33
54.230.95.107
54.230.95.126
54.230.95.191
0884d45d453ab37eaae7b9da4d24d091b5afbe6501b726da381e7bf3240ce97d
0abe8deb334de1ba743b04d0399e99eba336afed9da72fc4c0a302c99f9238c8
0e61af2bfebca120ae344dc48386bbd2b6d24486524cf98ed55327b084bf1702
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
254fd3624ce7ab4efd2a0ceedcb54abdb9f5b42af7c7f5a048102430e05633e6
2b20bde6d5ca9d842bf4926eeba096fabef36b8c86ecfd241ff59d40d715b677
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
31bb98a4f8111eb52651252d6709b821207d1e968b8356f0e5d5b9983ff64217
35a21333c81302e934ee42b7b85b2c6a731bfffb418fe52fe795cb1974186976
37e43360bddca0ce46fb435e0f6f6f2ece15a5264dab49341ca24bf1fdf452b5
3a100b0f6f3c67ffb76a8ff2947aaabc20f0c4d90719bebf50c80f2fd80f3507
3a9b1aaf047d7ab5119bb338a86bee9788c4e79392d4abb12408d62bec6e86fb
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3f37d74095d27ff0f96a5db6eb5136c477109a18e09d9dc6b94bd9cb5f45fba2
43d24cefb122dc34e2b1b4305b0eadbc3d7e55b37bef2ba9e8b0e2d277aa67bb
45f7bdbd87e76c495b9fe3c89a981837c523bb35e506cd66ffcd1500070054fb
50dda9aac0fcea362bdda27ae7833240485ad5a20ccc105c1cd13ea26802a8bd
527e5d6a610743f8447589d600b3d2b27ab756dc94cdfa91e0fb9d4be8085007
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
56097e8b7ceb27db42a5e102af6d11dfdcaee13d8716477a8e242b4957d7a280
5d6c37a78e3844fb3db3436f6e5f629fe8a1f886a4f77c93bccbc020cefb1c1f
5e4fb5563218c9d2c6548a50764e052853fe611f3bd3e9e6b353c079a16b618f
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
63a05428d8e7957853c4f866b9e02e273fa1af47466acdd84053f53ea4d1fe85
64d60214674f2d4c9bc4599f8993c5bf74a6284103fc8729eb2d71241fc74b1e
71696707377feeb99ac8cb9c9789acef3e6a663a2b4dc6635be1a7182d01171e
7b2c8a502912ce0e8d1105e2e56a454fb805cdb1f956a5d40103677d98da0e7d
7c50d3bfbb1bd186261e5550fa2a2bd061ef2e5d9265103a5f0fe54dd3d73745
7e630d90c7234b0df1729f62b8f9e4bbfaf293d91a5a0ac46df25f2a6759e39a
86c08461d833a15b8629c0a69f5e4596cec928386cb21f999dcdb6673179feed
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
893e90f6230962e42231635df650f20544ad22affc3ee396df768eaa6bc5a6a2
8b388e71fba9746bce7ecc956db8da1359294d02bcce2d09314ce7b0ccf053f7
8fba402f91c574135954f5ec9a7d6540a5e976fefed9a0bfa3d2607a3c0fd70d
910b5c9c0943490641d7e8608f0ad42c4a05fc88012b23af70d2ada73c67f388
a4bddbb1c0967cc1fa9e1692cee9a2d4106a8f43109a55624c6ef45a34f94260
a6a26b85ffd64ea509e3a9664ad52f7baf5b551044aacff8398b16b53f070f63
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
adeec0de52a91b30c262de488eea4563e39d2c450f46649b9c1ebcd9b8fa6536
b90f2e7392bb93e6873953c0101ae514b1ae392ec3a8144cbd25029d056afae9
bd999047408eaf20ae15ab916d344330d118fa72b0703fa1784deb648d36bb7a
bf131db78740431bc075f3dbec1dac6876fbb2c19e8345a27decf90d44561980
c85b60183eda0baa608a324aa92163d6494aa73152de1b05bf0acc31877c2444
df095c8334d82adb26e2a667edc85e8c9289064b19ad0e2130bd8fefb2bdd1c0
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
df41c8d17779f48b358b144c228059a78c4fc79161925503b32573d2163073c7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e2bdd846c21ff3d12972c112880bf203ef396f61626e2a36ad225b9515c64b
e5c0b07b943a410e7394ec5baf67110f706f81b69481ebd3c7881e920bceda1a
ed17a6e7532cc3065f9fbd8f607dfd30e09b4531ada9f7cb5732a2bf6cf6744c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef5164ac5e5a0c77638ee20cbd7f84d14309da82c25341df68a6a146a7885303
ef85329fcf6feeadff288ad564bbd1ddc8600784a819b2b87d5ab7ae3b3fcf39
efe7e62fdc49b6f40d7af5783dce50b2cbc4b4e982f4c1d960ebe004b61dd3e2
f463ac4b10148d7c9a02da74f322a300d920967201ff6d043e046b6f4f5db932
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
f8a552cf9659386f4ccb222b092e1e249de7533055696186f51e5fb2c91f72c7

try.netwrix.com Open in urlscan Pro 162.213.14.138 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

72 Requests

99 %HTTPS

43 %IPv6

29 Domains

38 Subdomains

33 IPs

5 Countries

1193 kBTransfer

2238 kBSize

15 Cookies

2 Outgoing links

Page URL History

Redirected requests

72 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

try.netwrix.com Open in urlscan Pro
162.213.14.138 Public Scan

Screenshot
Live screenshot

Full Image

72
Requests

99 %
HTTPS

43 %
IPv6

29
Domains

38
Subdomains

33
IPs

5
Countries

1193 kB
Transfer

2238 kB
Size

15
Cookies

72 HTTP transactions
0 data transactions