bluetriangle.com Open in urlscan Pro
199.60.103.99 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
Submission: On February 22 via manual (February 22nd 2024, 7:44:59 pm UTC) from CA — Scanned from CA

Summary HTTP 119 Redirects Links 29 Behaviour Indicators

Summary

This website contacted 40 IPs in 3 countries across 35 domains to perform 119 HTTP transactions. The main IP is 199.60.103.99, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is bluetriangle.com.
TLS certificate: Issued by GTS CA 1P5 on January 25th 2024. Valid for: 3 months.

This is the only time bluetriangle.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
35	199.60.103.99 199.60.103.99	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3	142.250.80.8 142.250.80.8	15169 (GOOGLE) (GOOGLE)
6	104.19.154.83 104.19.154.83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	104.18.41.175 104.18.41.175	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.73.233.5 23.73.233.5	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.18.176.93 104.18.176.93	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.40.68 104.18.40.68	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.251.35.170 142.251.35.170	15169 (GOOGLE) (GOOGLE)
2	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.107.246.40 13.107.246.40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.193.229 151.101.193.229	54113 (FASTLY) (FASTLY)
6	172.64.146.132 172.64.146.132	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	142.250.81.227 142.250.81.227	15169 (GOOGLE) (GOOGLE)
4	18.196.170.251 18.196.170.251	16509 (AMAZON-02) (AMAZON-02)
3	142.251.35.174 142.251.35.174	15169 (GOOGLE) (GOOGLE)
3	172.64.153.27 172.64.153.27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.19.155.83 104.19.155.83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.77.186 104.16.77.186	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.124.12 104.18.124.12	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.231.163 104.17.231.163	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.75.101.160 34.75.101.160	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	142.251.40.98 142.251.40.98	15169 (GOOGLE) (GOOGLE)
2	23.40.179.200 23.40.179.200	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.22.59.128 104.22.59.128	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.230.163.90 54.230.163.90	16509 (AMAZON-02) (AMAZON-02)
4	104.18.176.125 104.18.176.125	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.192.125 104.18.192.125	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 5	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	3.210.159.148 3.210.159.148	14618 (AMAZON-AES) (AMAZON-AES)
1	104.17.239.249 104.17.239.249	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	151.101.64.176 151.101.64.176	54113 (FASTLY) (FASTLY)
2	52.20.221.94 52.20.221.94	14618 (AMAZON-AES) (AMAZON-AES)
1 2	20.110.205.119 20.110.205.119	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	13.107.21.200 13.107.21.200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	31.13.71.7 31.13.71.7	32934 (FACEBOOK) (FACEBOOK)
1	104.16.191.89 104.16.191.89	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	44.238.48.240 44.238.48.240	16509 (AMAZON-02) (AMAZON-02)
1	20.114.189.70 20.114.189.70	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	31.13.71.36 31.13.71.36	32934 (FACEBOOK) (FACEBOOK)
1	172.66.43.3 172.66.43.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
119	40

35 199.60.103.99 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

bluetriangle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.80.8 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s33-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.19.154.83 (None, )

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.18.41.175 (None, )

ASN13335 (CLOUDFLARENET, US)

assets.calendly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
calendly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.73.233.5 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-73-233-5.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.176.93 (None, )

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.40.68 (None, )

ASN13335 (CLOUDFLARENET, US)

pro.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.35.170 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.246.40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.229 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.64.146.132 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

5417298.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.81.227 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.196.170.251 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-170-251.eu-central-1.compute.amazonaws.com

data.hockeystack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.35.174 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.153.27 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.155.83 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.77.186 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.124.12 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.231.163 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.75.101.160 (North Charleston, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 160.101.75.34.bc.googleusercontent.com

newbt.wpengine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.40.98 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.40.179.200 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-40-179-200.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.22.59.128 (None, )

ASN13335 (CLOUDFLARENET, US)

bluetriangledemo500z.btttag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.163.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-163-90.ewr53.r.cloudfront.net

www.clickcease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.176.125 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.192.125 (None, )

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.107.42.14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.210.159.148 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-210-159-148.compute-1.amazonaws.com

w.usabilla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.239.249 (None, )

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.64.176 (United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.20.221.94 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-221-94.compute-1.amazonaws.com

notifier-configs.airbrake.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.110.205.119 (Boydton, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.21.200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.13.71.7 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-lga3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.191.89 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.238.48.240 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-238-48-240.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.114.189.70 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

t.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.13.71.36 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-lga3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.66.43.3 (United States)

ASN13335 (CLOUDFLARENET, US)

d.tags11.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	bluetriangle.com bluetriangle.com	2 MB
9	calendly.com assets.calendly.com — Cisco Umbrella Rank: 13413 calendly.com — Cisco Umbrella Rank: 11239	756 KB
8	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 12580 js.hubspot.com — Cisco Umbrella Rank: 4538 app.hubspot.com — Cisco Umbrella Rank: 5489 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4459 track.hubspot.com — Cisco Umbrella Rank: 2372	35 KB
6	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4301 perf.hsforms.com — Cisco Umbrella Rank: 13630 forms-na1.hsforms.com — Cisco Umbrella Rank: 6907 perf-na1.hsforms.com — Cisco Umbrella Rank: 4877	6 KB
6	gstatic.com fonts.gstatic.com	47 KB
6	hubspotusercontent-na1.net 5417298.fs1.hubspotusercontent-na1.net	15 KB
5	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 362 www.linkedin.com — Cisco Umbrella Rank: 631	2 KB
5	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 777 c.clarity.ms — Cisco Umbrella Rank: 1351 t.clarity.ms — Cisco Umbrella Rank: 11922	12 KB
4	stripe.com js.stripe.com — Cisco Umbrella Rank: 1203 m.stripe.com — Cisco Umbrella Rank: 1170	169 KB
4	hockeystack.com data.hockeystack.com — Cisco Umbrella Rank: 69623	1 KB
3	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2217	17 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	21 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	263 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	71 KB
2	stripe.network m.stripe.network — Cisco Umbrella Rank: 1281	16 KB
2	airbrake.io notifier-configs.airbrake.io — Cisco Umbrella Rank: 7488	490 B
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 800	33 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 233	82 KB
1	tags11.com d.tags11.com	1 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 103	185 B
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2453	1 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 242	766 B
1	usabilla.com w.usabilla.com — Cisco Umbrella Rank: 4679	11 KB
1	clickcease.com www.clickcease.com — Cisco Umbrella Rank: 11971	43 KB
1	btttag.com bluetriangledemo500z.btttag.com	32 KB
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 105	455 B
1	wpengine.com newbt.wpengine.com	650 B
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3140	4 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5018	88 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2213	22 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 316	8 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	1 KB
1	fontawesome.com pro.fontawesome.com — Cisco Umbrella Rank: 5192	16 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5583	6 KB
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 3564	361 B
119	35

	Domain	Requested by
35	bluetriangle.com	bluetriangle.com
6	fonts.gstatic.com	fonts.googleapis.com
6	5417298.fs1.hubspotusercontent-na1.net	bluetriangle.com
5	assets.calendly.com	bluetriangle.com calendly.com assets.calendly.com
4	px.ads.linkedin.com	2 redirects bluetriangle.com bluetriangledemo500z.btttag.com
4	calendly.com	assets.calendly.com
4	data.hockeystack.com	cdn.jsdelivr.net
3	track.hubspot.com
3	js.stripe.com	assets.calendly.com js.stripe.com
3	perf.hsforms.com	bluetriangle.com
3	js.hs-banner.com	bluetriangle.com js.hs-banner.com
3	www.google-analytics.com	www.googletagmanager.com
3	www.googletagmanager.com	bluetriangle.com www.googletagmanager.com
2	connect.facebook.net	bluetriangle.com connect.facebook.net
2	c.clarity.ms	1 redirects
2	m.stripe.network	js.stripe.com m.stripe.network
2	notifier-configs.airbrake.io	assets.calendly.com
2	cta-service-cms2.hubspot.com	bluetriangle.com js.hubspot.com
2	snap.licdn.com	www.googletagmanager.com bluetriangle.com
2	www.clarity.ms	bluetriangle.com www.clarity.ms
2	cdnjs.cloudflare.com	bluetriangle.com cdnjs.cloudflare.com
1	d.tags11.com	bluetriangledemo500z.btttag.com
1	www.facebook.com
1	t.clarity.ms	bluetriangledemo500z.btttag.com
1	m.stripe.com	m.stripe.network
1	js.hs-scripts.com	www.googletagmanager.com
1	c.bing.com	1 redirects
1	perf-na1.hsforms.com	bluetriangle.com
1	w.usabilla.com	calendly.com
1	www.linkedin.com	1 redirects
1	forms-na1.hsforms.com	bluetriangle.com
1	forms.hsforms.com	bluetriangle.com
1	www.clickcease.com	bluetriangle.com
1	bluetriangledemo500z.btttag.com	www.googletagmanager.com
1	pagead2.googlesyndication.com	www.googletagmanager.com
1	newbt.wpengine.com	bluetriangle.com
1	app.hubspot.com	bluetriangle.com
1	js.hsadspixel.net	bluetriangle.com
1	js.hsleadflows.net	bluetriangle.com
1	js.hs-analytics.net	bluetriangle.com
1	js.hubspot.com	bluetriangle.com
1	cdn.jsdelivr.net	bluetriangle.com
1	fonts.googleapis.com	bluetriangle.com
1	pro.fontawesome.com	bluetriangle.com
1	static.hsappstatic.net	bluetriangle.com
1	s7.addthis.com	bluetriangle.com
1	no-cache.hubspot.com	bluetriangle.com
119	47

This site contains links to these domains. Also see Links.

Domain
www.thefrictionlessexperience.com
blog.bluetriangle.com
portal.bluetriangletech.com
www.linkedin.com
www.facebook.com
twitter.com
www.wired.com
www.bleepingcomputer.com
www.volexity.com
www.bluetriangle.com
www.grahamcluley.com
www.forbes.com
www.zdnet.com
otx.alienvault.com
www.riskiq.com
help.bluetriangle.com
university.bluetriangle.com
newbt.wpengine.com

Subject Issuer	Validity	Valid
bluetriangle.com GTS CA 1P5	`2024-01-25` - `2024-04-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
calendly.com E1	`2024-02-03` - `2024-05-03`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-09` - `2024-12-11`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-04` - `2025-01-03`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-12-26` - `2024-12-25`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.hockeystack.com R3	`2024-02-11` - `2024-05-11`	3 months	crt.sh
*.wpengine.com RapidSSL TLS RSA CA G1	`2023-08-01` - `2024-08-28`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
clickcease.com Amazon RSA 2048 M02	`2023-11-26` - `2024-12-24`	a year	crt.sh
w.usabilla.com Amazon RSA 2048 M03	`2023-12-12` - `2025-01-08`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-02-07` - `2024-05-09`	3 months	crt.sh
*.airbrake.io SSL.com RSA SSL subCA	`2023-10-11` - `2024-11-10`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-12-02` - `2024-03-01`	3 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-22` - `2024-03-21`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 01	`2024-01-14` - `2024-06-27`	5 months	crt.sh

This page contains 5 frames:

Primary Page: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
Frame ID: F2041482180721E9B5C65C94D379E20D
Requests: 99 HTTP requests in this frame

Frame: https://calendly.com/blue-triangle/schedule-your-csp-manager-demo?embed_domain=bluetriangle.com&embed_type=Inline
Frame ID: CFA999D52CA47FE9950C572798B74B59
Requests: 12 HTTP requests in this frame

Frame: https://w.usabilla.com/dc9688c7588b.js?lv=1
Frame ID: AA8D814746A352810D2DF90E94E49D4D
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 6C04D113680B049CF4E0D78A09F0AF60
Requests: 2 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 6E4A21479AF8148A2681A70F350C4CB0
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The Anatomy of a Magecart Attack and How to Protect Your Site in 2020

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

AddThis (Widgets) Expand

Calendly (Appointment scheduling) Expand

Overall confidence: 100%
Detected patterns

https://assets\.calendly\.com/assets/external/widget\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+owl\.carousel(?:\.min)?\.css
owl\.carousel.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

119
Requests

98 %
HTTPS

0 %
IPv6

35
Domains

47
Subdomains

40
IPs

3
Countries

3833 kB
Transfer

8203 kB
Size

24
Cookies

29 Outgoing links

These are links going to different origins than the main page.

URL: https://www.thefrictionlessexperience.com/
Title: Listen to the podcast

Search URL Search Domain Scan URL

URL: https://blog.bluetriangle.com/tag/white-papers
Title: eBooks

Search URL Search Domain Scan URL

URL: https://blog.bluetriangle.com/tag/webinar
Title: Webinars

Search URL Search Domain Scan URL

URL: https://portal.bluetriangletech.com/btportal/web/index.php?r=site%2Flogin
Title: Login

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site&text=The%20Anatomy%20of%20a%20Magecart%20Attack%20and%20How%20to%20Protect%20Your%20Site%20in%202020

Search URL Search Domain Scan URL

URL: https://www.wired.com/story/most-dangerous-people-on-internet-2018/
Title: WIRED's Most Dangerous People on the Internet

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/macys-customer-payment-info-stolen-in-magecart-data-breach/
Title: Macy's announced they were compromised

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/magecart-attackers-steal-card-info-from-focus-camera-shoppers/
Title: Focus Camera was hacked

Search URL Search Domain Scan URL

URL: https://www.volexity.com/blog/2018/09/19/magecart-strikes-again-newegg/
Title: stealthily created a domain called

Search URL Search Domain Scan URL

URL: https://www.bluetriangle.com/industry-benchmarks/retail-us/?search=Macys
Title: Retail Benchmarks

Search URL Search Domain Scan URL

URL: https://www.grahamcluley.com/ticketmaster-is-hit-by-a-5-million-legal-action-after-online-payment-card-theft/

Search URL Search Domain Scan URL

URL: https://www.forbes.com/sites/kateoflahertyuk/2019/07/08/british-airways-hit-with-record-fine-following-2018-cyberattack/#544c44eb1f8e
Title: a record-breaking GDPR fine of $229 million

Search URL Search Domain Scan URL

URL: https://www.zdnet.com/article/one-in-five-magecart-infected-stores-get-reinfected-within-days/
Title: "infected (and cleaned) multiple times"

Search URL Search Domain Scan URL

URL: https://otx.alienvault.com/pulse/5ba9143be7c44e61aebe297f/
Title: known Magecart domains

Search URL Search Domain Scan URL

URL: https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/
Title: Ticketmaster UK was hacked in June 2018

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/magecart-skimmer-hits-hundreds-of-sites-in-ad-supply-chain-attack/
Title: Magecart compromised a retargeting script

Search URL Search Domain Scan URL

URL: https://www.zdnet.com/article/magecart-group-leverages-zero-days-in-20-magento-extensions/
Title: vulnerable Magento extensions

Search URL Search Domain Scan URL

URL: https://www.bluetriangle.com/features/content-security-policy-manager/
Title: Content Security Policy Manager

Search URL Search Domain Scan URL

URL: https://help.bluetriangle.com/hc/en-us
Title: Help Center

Search URL Search Domain Scan URL

URL: https://university.bluetriangle.com/
Title: Blue Triangle University

Search URL Search Domain Scan URL

URL: https://help.bluetriangle.com/hc/en-us/categories/360001660994-Product-Training?__hstc=51647990.51abac3cbfb28fe4b5b26e6b39137ce3.1635185799310.1635781224361.1635784271621.27&__hssc=51647990.3.1635784271621&__hsfp=2238041096
Title: Product Training

Search URL Search Domain Scan URL

URL: https://help.bluetriangle.com/hc/en-us/community/topics
Title: Blue Triangle Community

Search URL Search Domain Scan URL

URL: https://blog.bluetriangle.com/tag/blog
Title: Blog

Search URL Search Domain Scan URL

URL: https://newbt.wpengine.com/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/blue-triangle-technologies/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/BlueTriangleTechnologies/

Search URL Search Domain Scan URL

URL: https://twitter.com/_bluetriangle?lang=en

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 82

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=419778&time=1708631093474&li_adsId=b5d78f66-4bd3-43d9-a005-1c9860a651a2&url=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=419778&time=1708631093474&li_adsId=b5d78f66-4bd3-43d9-a005-1c9860a651a2&url=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D419778%26time%3D1708631093474%26li_adsId%3Db5d78f66-4bd3-43d9-a005-1c9860a651a2%26url%3Dhttps%253A%252F%252Fbluetriangle.com%252Fblog%252Fmagecart-attack-how-to-protect-your-site%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=419778&time=1708631093474&li_adsId=b5d78f66-4bd3-43d9-a005-1c9860a651a2&url=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&cookiesTest=true&liSync=true

Request Chain 102

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=BD38AA632A5E4D6C9B43979A2F1CDADB&RedC=c.clarity.ms&MXFR=0A69277C964D678F091E3351924D6933 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=BD38AA632A5E4D6C9B43979A2F1CDADB&MUID=06FC45E807C36C7634FA51C506E96DF6

119 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request magecart-attack-how-to-protect-your-site Show response
bluetriangle.com/blog/ 110 KB
20 KB 409ms
330ms Document
text/html 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fe58665717d181d7c179eaa75857f3fe083b452183eaeed97d9b1f18b5c13f8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=60, max-age=0
cf-ray: 8599b9e57d12a23b-YYZ
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Thu, 22 Feb 2024 19:44:52 GMT
edge-cache-tag: CT-8880541776,CG-7354672154,P-5417298,W-91728782724,CW-91041416065,CW-91052724814,CW-91063888705,CW-91728369695,CW-92029376852,CW-96279666177,CW-96280327555,E-90499412629,E-90500988741,E-90501047592,E-90501050921,E-90501112134,E-90501113225,E-90501773133,E-90502122935,E-91069965182,E-91069965184,E-91076366622,E-91725263995,MENU-91728782724,PGS-ALL,SW-4,GC-91063888787,GC-91736051797,GC-92030745201,TS-90500382726
etag: W/"38736c53cccd27307eec9182cce00668"
last-modified: Thu, 22 Feb 2024 01:20:20 GMT
link: </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Y9bIGSfcP7dwJYoW1pF0317%2FYkqYCPpN2UWzdSqdXdRfHDa7y%2FvsuhEzO4IMlV1aAoiELydtEMO9YvSzkjW3oklJltwfLISMAnZVdrCXMA8PnAkDS3KYZsg8XugwHJnXmY%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=60, max-age=0
x-hs-cf-cache-status: MISS
x-hs-content-id: 8880541776
x-hs-hub-id: 5417298
x-hs-prerendered: Thu, 22 Feb 2024 01:20:20 GMT

GET
H2 200 project.js Show response
bluetriangle.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
896 B 83ms
81ms Script
application/javascript 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 d7e35fb15b3339fbd8a9457f22308ea0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 7285081
x-amz-cf-pop: YTO50-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
server: cloudflare
etag: W/"ef84f26c310485299d6b75777414eddb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nn10Fx%2BDPiFkyg%2F7uSemRnrJqf7I9N5hsLgVS7Jh0CuM0K7dSAeug%2Fvifmj2I1AyMgTzH1NURETWGlcaCoAhkGAu2hurp16pSZt%2B%2BeZShO4GpfJuHEbH4pLWsvuWVZ79qIs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8599b9e77813a23b-YYZ
x-amz-cf-id: RL8D9IruvymXt0-uN9X1GZcCAsbveyfglZgLHeRC_2ntBqwIE-uNgw==
expires: Fri, 21 Feb 2025 19:44:52 GMT

GET
H2 200 project.js Show response
bluetriangle.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 81ms
79ms Script
application/javascript 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 4ddb3602395856d6beaf04efda8919b2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 7204508
x-amz-cf-pop: YTO50-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0WvKSgDOt3pceo9DIxEZqp7U9lCRZon9P2662YDHKHQ0%2B%2Fm8NJXw13DXXw4KpGBRJqaZhnw%2B%2Bc295XFrR1iNqy2MOWWJd3UZG3e7zrEdTNkIvdaUXN2sVPpliQ4yhgF0UN0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8599b9e77815a23b-YYZ
x-amz-cf-id: fQkadqseYOptvYE1Hvouzwxi4ZP28of7iLStiP3yFEhElrmaatm2bw==
expires: Fri, 21 Feb 2025 19:44:52 GMT

GET
H2 200 v2.js Show response
bluetriangle.com/_hcms/forms/ 481 KB
160 KB 129ms
128ms Script
application/javascript 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c96ffd41ebeae752a5c45a0ef1f924dd5273c09f71453d4d158e54d8610e64b8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 552
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4733/bundles/project-v2.js&cfRay=8599ac6f969da214-YYZ
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"99ad0d559dd43412bf3f831615c5b73b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.4733/bundles/project-v2.js
date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 06c1d28e93bdae8f6401a12c10b2f570.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: QAh2zQyNIaVN4nLxtOyq9RabbRMRGI_g
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 08443284-e286-4d19-a004-8274b74fa6b1
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 08443284-e286-4d19-a004-8274b74fa6b1
last-modified: Wed, 21 Feb 2024 09:29:57 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3eAxAPjHcEjJiWFCl17v63gBTEQ4vr9ayrsWNMas%2B2C7RXA5Gal1MFgctomYSSApZem7EI8RWASg7wza7r7xRa2hD6bkIU8AEnsrjUAev2%2Be64kb3mJHP3ZqfhPnofsSA%2Bw%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-748b697-hcbth
cf-ray: 8599b9e77816a23b-YYZ
x-amz-cf-id: COQt0QHJ2zdzdGP6TVnYsjz2XP9RakRvYOzBw97zkNbcbXCD7Gf-9w==

GET
H2 200 jquery-1.11.2.js Show response
bluetriangle.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
35 KB 93ms
92ms Script
application/javascript 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 4076c9a26c97a2e765053f508fa5d748.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 7300610
x-amz-cf-pop: YTO50-P1
x-amz-version-id: null
content-encoding: br
x-cache: RefreshHit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ALjnsvJIcETX0no2F%2FIHRtmy0d09RKbkFncwmBOCiHJ47zh2d0XLxGG3pCNW4PpvnllI9DNzoSyEp3WP8LhwAK%2FHP%2B%2FLuuqj0cZb9ypGP4c%2BrzGIyqLGDY9h6xk%2F7bkmrLo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8599b9e77819a23b-YYZ
x-amz-cf-id: XEhO7kVy7FUkQyY-b73Ofjz4MyDCjPJ1uC8zLdSBgfemvLkOL_K_Zw==
expires: Fri, 21 Feb 2025 19:44:52 GMT

GET
H2 200 main.min.css
bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90502122935/1668510515505/Bluetriangle-Theme-Resource-Blog-2022/css/ 16 KB
6 KB 109ms
109ms Stylesheet
text/css 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90502122935/1668510515505/Bluetriangle-Theme-Resource-Blog-2022/css/main.min.css

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0816f43565bc51e89821caaa9b361610bffc6f5f33bad96ea6fd003ecd186923

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: YHW4SFJ5JWNH31PJ
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"2dc744e8328f20f0ddd93319116de09e"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1668510516439
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 ed8e6c4476f2632eef2c7ce856161af0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: CLN0vKY_zVj8DjSjdbDKLT6_dbmTdyip
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: c45e2e9f-7d05-4136-8f95-460e4b8737cb
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 235
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hgy9QM/vv7qYSYrkzTLwHu5SlRFhBh9GdMtsjJPNjaoMSDpTh+LqwsRnfydsdKC+wuIACGQxn2c=
x-evy-trace-route-configuration: listener_https/all
x-request-id: c45e2e9f-7d05-4136-8f95-460e4b8737cb
last-modified: Tue, 15 Nov 2022 11:08:37 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cc2EPwE7GRK9zRGHPgZ4CE%2FQ0nLQr9geYuplwOfCZWwN%2F08JMN69rq89kly4F40R7L0iqsIlT9%2BLOb%2F4wL9nDEL4TDygi%2BJu2uLSqMrYHCtdGdQIyARJIdi%2BSfhoTU83s%2FQ%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54d77d98d9-wbfjx
access-control-allow-credentials: false
cf-ray: 8599b9e77811a23b-YYZ
x-amz-cf-id: ntvCiS23jM8lpRyosE_iHO413Tc1sDy3MlRHi5h5mpyHdSM4cJlrBA==

GET
H2 200 blog.min.css
bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90499412629/1668510511765/Bluetriangle-Theme-Resource-Blog-2022/css/templates/ 975 B
1 KB 114ms
113ms Stylesheet
text/css 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90499412629/1668510511765/Bluetriangle-Theme-Resource-Blog-2022/css/templates/blog.min.css

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e70a3ecc59dfaa6ce03edce54d641a90146c5390fa859d472ecfdd804591618e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: DJMKJ0JY084M4SS9
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"278ae8722374790997febe8598c2267b"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1668510512557
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 2e50d9b1ee017f302768660f02b7418e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: hVH6xe7_cjf5b2Rghb84lNvocgFKz7fw
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 4e38a2bf-cae0-43bd-9ff0-1a26cb069a22
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 270
alt-svc: h3=":443"; ma=86400
x-amz-id-2: YJpy9j4mlxN3NKyL45tXzCjRddpb+BDtMG5A9pPOfbVaAPZ15ZRthgj0trsbU+ppxeWDABHAB2/wRx39P2/I6iCgzSDKGo3RIYQ/mWuzEjo=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 4e38a2bf-cae0-43bd-9ff0-1a26cb069a22
last-modified: Tue, 15 Nov 2022 11:08:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hrFgepHswkKSwJnmYV9aceQAkWhLZanqXFilSmgwkIogfPQ0JvCO%2FyRxXGdQpgdNgKbD6HCxSACHYosxe%2B%2FxFhIYkDhJ1I9GM6SKH26Dp099dvDFkkL%2Fa7j0xYObxwURVJc%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-f4gp4
access-control-allow-credentials: false
cf-ray: 8599b9e77821a23b-YYZ
x-amz-cf-id: DiSqi51k1-c7s007bZT19v2mgWy_bd_ZOq0JtoPvR1nRKuLe4aWSAQ==

GET
H2 200 owl.carousel.min.css
bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/91069965184/1668510508414/Bluetriangle-Theme-Resource-Blog-2022/css/ 3 KB
2 KB 134ms
133ms Stylesheet
text/css 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/91069965184/1668510508414/Bluetriangle-Theme-Resource-Blog-2022/css/owl.carousel.min.css

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 9DYW97ECZZA21BP6
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"b2752a850d44f50036628eeaef3bfcfa"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1668510508414
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 7dc4818c830423900ae855831181d2b8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: mW911IHhu.2p2pxleCoVQMa4Y0L_fhaG
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 87bdf0c4-12ce-4001-be4e-aa30f151b7ec
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 213
alt-svc: h3=":443"; ma=86400
x-amz-id-2: GNY3E0nHJx+T9rk2aZHzihK3d6JcVd4FzoU1Chs+1qqfFjc+ySU/8idQSDRUqzWotjYhwEh3tUU=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 87bdf0c4-12ce-4001-be4e-aa30f151b7ec
last-modified: Tue, 15 Nov 2022 11:08:29 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=25z%2FnTDlOVTjpmb9WPPidncGKI%2Fd9cDy%2FO6%2BfMULp3KmI1VzXjCg3waPBHBwDWKPODyDJq8rTjPa4o4nmDjfn4PkFaUUh8FtfGSKylhhe2tfgqzpwJxmeND0thzN0SCIOmg%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-v96mf
access-control-allow-credentials: false
cf-ray: 8599b9e77823a23b-YYZ
x-amz-cf-id: FRuKTr0dk0uOEKsjKlNFrH2aTaTxZWJCb8JzAZ2LPdG6aAUJShTqBA==

GET
H2 200 theme-overrides.min.css
bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/css/ 127 KB
24 KB 184ms
183ms Stylesheet
text/css 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/css/theme-overrides.min.css

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0c4afeb9a81ca3b60c5dc142dd649ee4a16f73cff1980af717f57e76474a515

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: SZCNM0NWFKHW5GHD
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"4e3b0901775f6b433716234e9ee5a9f0"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1695204313118
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 f9efe5e72b7e5cc47bf34a0b0debcbe2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: AhTEzm4tQiPeQR4q.EpKPLkOVKlqQAJi
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 1d2df92a-ef09-4da9-b57e-b774c3382c28
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 263
alt-svc: h3=":443"; ma=86400
x-amz-id-2: WDTiCZfuxmsY1ZP/y/H6UjGeEttfjJo/2gpi/lMkML5f0k170BPTQOCahwKwGnh2gw01hLl57w0=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 1d2df92a-ef09-4da9-b57e-b774c3382c28
last-modified: Wed, 20 Sep 2023 10:05:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nxv6xdYfwp71ZHqZ0SfGVgiof2RrkKJpWvUiEz9prGg46d1G%2FZ%2FzRO1dDJZmZzL3271BaMqoULgWMyeC9bKus2AhdkVazUJk5o3JLRGjp%2F8SFbyv1AYk4%2FgvQn3IqjRnVSQ%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54d77d98d9-wbfjx
access-control-allow-credentials: false
cf-ray: 8599b9e77824a23b-YYZ
x-amz-cf-id: 64PL-aP-fixNlrBEs308VBCR5WRcdtszykG9D9mUO8ZUiQ3Hk6Jlsw==

GET
H2 200 module_92029376852_Footer_Module_2022.min.css
bluetriangle.com/hs-fs/hub/5417298/hub_generated/module_assets/92029376852/1671718909505/ 406 B
1 KB 115ms
114ms Stylesheet
text/css 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/module_assets/92029376852/1671718909505/module_92029376852_Footer_Module_2022.min.css

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf9491fe9491befe7774f230174372517715f42ddd86e66acbc5d3f862c684b2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: Z33XF9YWF8KDJSSC
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"d4bb8c6aae6904d27eb9bf20fba82bd9"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1671718909505
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 7a99ed3f39c18af8fe138a695e5f657c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: aWA.aPiKNhUH0zpEjMUqpREmuhttRol7
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 43115570-cb7a-4921-ae57-b9fbafacc98b
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 182
alt-svc: h3=":443"; ma=86400
x-amz-id-2: l0JovXQBs/UNYuP3kkt4WLKJDixM7ST4kBk2qHpzXQLeCBgGntq0H+l5sg3/XAJHR/zgL+lfHeM=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 43115570-cb7a-4921-ae57-b9fbafacc98b
last-modified: Thu, 22 Dec 2022 14:21:50 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6z9pNvr%2Ba3W2NzalC5QWpVpDjkj%2FqbC2GiiGz%2BFa%2FO4v7Fe7%2FBjU9KXXu4yx2qYXDEIJYFCDiZaEV8qVmZk5h39yP4ROmoRIyqC8sNg50mH80ZDugUyVwnjWEKmB86DatO0%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54d77d98d9-wbfjx
access-control-allow-credentials: false
cf-ray: 8599b9e77825a23b-YYZ
x-amz-cf-id: PIfn7chnJomrRvgIjgDGMUvZ2dueTtU3tGdNTLIsPylUBpaS5j8kYw==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 295 KB
95 KB 166ms
64ms Script
application/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5GRDCZF1Q1

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.8 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

f9f16cd561f16deb176c3cd299133323db701824399abc5a984352dc341d0565

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96815
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 22 Feb 2024 19:44:52 GMT

GET
H2 200 BT-WHITE-C.svg
bluetriangle.com/hubfs/ 9 KB
4 KB 337ms
337ms Image
image/svg+xml 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hubfs/BT-WHITE-C.svg

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7e4fe850a3becbabf45215b05085240a80d738f51a0e74d7e02f971c8f3ffdd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-123714986371,P-5417298,FLS-ALL
x-amz-request-id: 9RFMAD1GC93WN9R4
x-amz-server-side-encryption: AES256
edge-cache-tag: F-123714986371,P-5417298,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"85868af086c6854e23dee3953c2b937f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1688715659035
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 2abaa6585800272f03e152fa41c7b7b6.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 3bpCsJH1Ebkzl18q7GT9tSHObGJmDam5
x-amz-cf-pop: YTO50-C2
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-123714986371,P-5417298,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: vit2mUDC6yaywDVWNpqkIYpP9WEl2sGwlZYHw23HvP1iz+MZUkYLfn+4vEP6tb5530PkI2E08FQ=
last-modified: Fri, 07 Jul 2023 07:41:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ynplCirDUApx0W4VCCABWY7e25m3mI%2BUozN%2F7uulrIsStrI%2Fs0o0W%2BYrOb7aM4SKtdkxFchdndaM0jGdoq3%2BtyfIBI9h3tkMthjc1suVmzqjxcC7utGwt%2F6urbXNtDPyjA%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8599b9e77827a23b-YYZ
x-amz-cf-id: fQwF8ePuTbHLsVtiqA5SjAp89K5ijlRH2dKb-ITbdaBBFRcuXNftyw==

GET
H2 200 Holiday%20eBook%20Cover.png
bluetriangle.com/hubfs/ 489 KB
490 KB 447ms
446ms Image
image/png 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hubfs/Holiday%20eBook%20Cover.png

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a49c840d89180c7ccb5e16edc4121cba01c6dd17d23bda32a446ddc7c0d87e60

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-129060260004,P-5417298,FLS-ALL
x-amz-request-id: 9RFRY0KXFT32RC3S
x-amz-server-side-encryption: AES256
edge-cache-tag: F-129060260004,P-5417298,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "39e88cd1c5cef7fe7a5f8e03f2bff04a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691509112321
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 6c2e1b939c753ac053c3f8fb52de1bbc.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: z.rUjaik9yIQCPNfzChSJAGj8XiBK3P7
x-amz-cf-pop: YTO50-C2
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-129060260004,P-5417298,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 500528
x-amz-id-2: bliZMpOKYC86K80LbcwuWZbTIxjWTVIt0GR+HWwcRyyLjZ3yjKy7bxutRyjRtwhIq4ZDd97tfxk=
last-modified: Tue, 08 Aug 2023 15:38:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CaDFhBIGT0DuBOJbWIoKwdOS5x5%2B%2FN6yQZKOfuYOqkNvxg0A1VbpM8Q1YkQdhltNG8VJ4xPP%2BallocPFsFP0jGnz7hMAYAW7TYDrZMj5fS5OUabc5PoliQJMsq9asa3ZaU8%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8599b9e7a84ea23b-YYZ
x-amz-cf-id: bmrccpPsFlryscsRwM0JVFFeislEutWIQpqm-Z8ZHXLti7Gy3w9NMQ==

GET
H3 200 total-tag-control-hacker-02.png
bluetriangle.com/hs-fs/hubfs/Imported_Blog_Media/ 14 KB
15 KB 685ms
685ms Image
image/webp 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hs-fs/hubfs/Imported_Blog_Media/total-tag-control-hacker-02.png?width=500&name=total-tag-control-hacker-02.png

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

574433925af60da2dd02d84eaeb28918a9b3765fcfc285917e24b64b9cdf9105

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 415bce851abed41a15ccdf56a782926a.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-7578608848,FD-7578550625,P-5417298,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 14284
cf-resized: internal=ok/m q=0 n=340+0 c=60+149 v=2024.1.3 l=14284
last-modified: Wed, 13 Feb 2019 19:47:19 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfHsOPHHs9bUR52BO-4t0LWhsJFZZl4k7TeoOCubqkDQ:4c4d3ff4cf26b95bf23d145568dd311f"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sCCPJKF8rSmyMO7vlR07W5FERMuKA6fya6TL68CsEwHPIG3TKWb5kqg93xiIpXhb1K1xMdxk5jciAwBQm9PpcLS7hI%2BU4kgIBhD71PNI5lBI3Gw5hUdnMpI%2B7azPpScJ4Ec%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8599b9e99dcb53e3-YYZ

GET
H3 200 newegg%20magecart%20script%20callout.png
bluetriangle.com/hubfs/ 75 KB
76 KB 490ms
490ms Image
image/png 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hubfs/newegg%20magecart%20script%20callout.png

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

00e23270683c62ec0ffccb7fd77235f8b05d457990ad9ea7f8392c567b1189a3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 0bbe1afd68cbde0610c74f8f63064de8.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-8926923508,P-5417298,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YTO50-C2
x-amz-request-id: 9RFHZ7A25N0G0ZVN
x-amz-version-id: GUZiWsaSwkCTKZ21OxqkI13vLnu1HodJ
edge-cache-tag: F-8926923508,P-5417298,FLS-ALL
cache-tag: F-8926923508,P-5417298,FLS-ALL
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 76839
x-amz-id-2: lo1ogfQ4MxvBeRH2VBTg16tgvEqfd3PpECUzAEPqMrRxvj0x3ZvwSyGpfFLF+74klM4/VxfER1WeC5eRZmemRg==
last-modified: Tue, 16 Apr 2019 20:45:30 GMT
server: cloudflare
etag: "ddbce427749b5d9e728a402209fffaec"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lv57c8b4PLd7p8RfdISWpTpEJIU9Fj9%2FNNhrdHH704%2BJzRdLoq2eRQTO2qkil5lLxXWyeIfsaRbYH34VcLTYdVyv%2F%2F1IkecK9nj%2B81vLLdIfFD0UeauY0MFY1f4JRGYCxW0%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8599b9e99dcf53e3-YYZ
x-amz-cf-id: UD9dYREJJD1-U0a4AWvS03x2X62iCgvRDaCmAkkkh2Kf3cPU0P4ssA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 image-102.png
bluetriangle.com/hubfs/ 73 KB
74 KB 502ms
502ms Image
image/png 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hubfs/image-102.png

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

09efeaffa3560b98c2ffd65e4add418fa1406463902a1b0fdd643abd0816f912

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 b6b3763e07a2a3280ef90f8be16c62e2.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-21602540414,P-5417298,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YTO50-C2
x-amz-request-id: 9RFW70JNWM546RMS
x-amz-version-id: JlUkFl20ByyuWSbQcZ54r1dRnCPw8Cum
edge-cache-tag: F-21602540414,P-5417298,FLS-ALL
cache-tag: F-21602540414,P-5417298,FLS-ALL
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 74539
x-amz-id-2: rUXbOVWi53UtQEX18tttNI9eiYKKwiKJzMifKnRnZlw2zVaxFesKEgUGXbeHM3xvvAFXJVWefDdEKsyaqgXnWw==
last-modified: Wed, 20 Nov 2019 16:17:18 GMT
server: cloudflare
etag: "2d360b8be90f1b7ff9e906a4589138d0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IOVTQ9lpWeoUonNYubA0yvv4x0CWMre%2F8O4%2Fs24SHDdZ%2F3441NU8gu30h9F5dzhskoUI6I%2BpPIu5utuZ1jAMYVyc0SikoPdp4wuOhrTOh3GbeNLcy1TAlr4bTcNBmXYswv4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8599b9e99dd253e3-YYZ
x-amz-cf-id: REY_6u-Nnue97UDE5AFtgAPK-GJJuwJZcPmIlZyWxUP8qYBhC8zXhg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 image-38.png
bluetriangle.com/hs-fs/hubfs/ 14 KB
15 KB 515ms
514ms Image
image/webp 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hs-fs/hubfs/image-38.png?width=500&name=image-38.png

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f1eeddbb5ae8cfbb17c224a09029987a65fd2c85961e5512b0045f690864be6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 6f9d15981ea6a6978c168c18f8715df8.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-8926924432,P-5417298,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 14242
cf-resized: internal=ok/m q=0 n=355+0 c=9+29 v=2024.1.3 l=14242
last-modified: Tue, 16 Apr 2019 20:56:00 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfOrqNjtQxNTpXG3W6xUDKAgZPFZZl4k7TeoOCubqkDQ:3fa24ccb9495660a3cbd830ee2da57e6"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Orj7QUsdXQvTrOEj2GcOaT%2FHTa8JpMlBI%2FlnGRga11S4ZigylTSGjD2uUm87usVwcKcxO3oCgtnYyOQn1Sgpk4shW3V8kkrbyB3Y3do%2BJYARKe4Qv6VCkX%2FoNkB2qj6Hz7c%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8599b9e99de353e3-YYZ

GET
H3 200 composition%20first%20party%20vs%20third%20party.png
bluetriangle.com/hs-fs/hubfs/ 15 KB
16 KB 548ms
548ms Image
image/webp 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hs-fs/hubfs/composition%20first%20party%20vs%20third%20party.png?width=1098&name=composition%20first%20party%20vs%20third%20party.png

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9582eafa6d483fe77dc2c55a2ed3d57902ce056f43bb32f6edc87a27f1bafc9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 3f97ce77b80aa342632c43cea94d6262.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-8951262685,P-5417298,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 15150
cf-resized: internal=ok/m q=0 n=343+0 c=2+65 v=2024.1.3 l=15150
last-modified: Wed, 17 Apr 2019 18:59:45 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfak0cGz0-Ug0JOfCRKJfooSuOOwIlZHLJJ060Ab7jDQ:ab2f84ee20d49d54079e277aab32dbce"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z7i2MYjkHg5Z1SUoXUep8ljahgav7XICv4Laf70RvhZgkzqPb%2BPB6%2B%2F9Wv%2BUsCc8xtfK6Sky2nAVvxzlUBH5pMG8CVZZV8AJdhxhfPsiz6YBPdsTYQD3VipeUDUxFmN%2BWRs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8599b9e99de653e3-YYZ

GET
H3 200 image-40.png
bluetriangle.com/hubfs/ 298 KB
299 KB 566ms
566ms Image
image/png 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hubfs/image-40.png

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

622faf9dabe778ee842664538837750c426f1f73253c51e0bceaa845957d3e85

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 a65e8802f41d2805ddc8578873f004a2.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-8953623848,P-5417298,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YTO50-C2
x-amz-request-id: 9RFMAKK1V6FESH4V
x-amz-version-id: f2ZlhZHXj3SjaZrE10bNqNUSIpAzuwrS
edge-cache-tag: F-8953623848,P-5417298,FLS-ALL
cache-tag: F-8953623848,P-5417298,FLS-ALL
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 305092
x-amz-id-2: HOn/pwXiDhbf4mWyF40kSMRXuLI5REEGZHsf4/NLScn+qBkx8nj6Z192GjgdyPdUJiBG+9wQ/olfdVjiRY57ZA==
last-modified: Wed, 17 Apr 2019 19:27:09 GMT
server: cloudflare
etag: "782732ac9fe878ad7437f61f3369083d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3bCFg9eH9lXPIZdI2DGSuTLA1NIcriWIPGuz0nCHWQ3AMk6tj7dXcVTHKht%2FqQnmw0prNOOWscSvVpeVnhvN5hrFw%2F19iymtyYMXc5NkI153v%2BKB8bRo4WyYTKiQEv3XERQ%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8599b9e99deb53e3-YYZ
x-amz-cf-id: gXOpFslBkRCTFwWcEBd3JPKFkueByohaeN9xq4H3PN_f-Pv9BwDV1w==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 csp-manager-hacker.png
bluetriangle.com/hs-fs/hubfs/Imported_Blog_Media/ 17 KB
18 KB 722ms
722ms Image
image/webp 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hs-fs/hubfs/Imported_Blog_Media/csp-manager-hacker.png?width=600&name=csp-manager-hacker.png

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

00dc1ed21f06e04e081cdf188c55b5d71436d19936db3929e9e98573d7f7ab3b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 70853fab189cfb8c99abfcbca0e10266.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-7578319198,FD-7578550625,P-5417298,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 17262
cf-resized: internal=ok/m q=0 n=275+312 c=0+0 v=2024.1.3 l=17262
last-modified: Wed, 13 Feb 2019 19:46:41 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfO4dGonruJvEgdAQhlNsegmCOe_YPQ8NgyooicLtuDQ:f4fd784ee77da81e8775a4cfca09980d"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2FvwClp1ol%2BvFXUIK78QeGWihQqrJVvAx1SZbX%2BxK7S0M3XBLi1pXcqMjkotISMm%2BgEg8AJ4OZkQLfkwsn%2BEj0X3DEVWuU3ybHJR1I1%2FZkPDhv4M%2FiIKDSFJJVp24SVN4cc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8599b9e99dee53e3-YYZ

GET
H3 200 total-tag-control-image-2.png
bluetriangle.com/hs-fs/hubfs/Imported_Blog_Media/ 137 KB
138 KB 1288ms
1288ms Image
image/webp 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hs-fs/hubfs/Imported_Blog_Media/total-tag-control-image-2.png?width=1876&name=total-tag-control-image-2.png

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ca0333156834755ab62ae53e9b751af4dac581997ff0cb0e26cbccb003bd2b9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 7c892814cd49a1aa7218fdfabfbac856.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-7578318638,FD-7578550625,P-5417298,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 140344
cf-resized: internal=ok/m q=0 n=328+0 c=51+754 v=2024.1.3 l=140344
last-modified: Wed, 13 Feb 2019 19:46:15 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf3GdWPHy0BTBXvo0cFm_n_KXML1nfXtur4lV4Bqu8DQ:a96844cd10e1cdfac4cd3fe2a103a3fc"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SoKKQWcXWL9lKj4xM3mwFsxp0sT61H00XhzKVYieEamyR78TCB4rokL%2Frp%2FyBU41T6BG6dkTwXLL04mY2rAomg7VMkfXcBeMGvQ2WYZaW96A5dKSmrCZFxCqfNLDa%2FOFjTo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8599b9e99df153e3-YYZ

GET
H2 200 66b04195-5274-4fb4-b37e-b7858df94db1.png
no-cache.hubspot.com/cta/default/5417298/ 5 KB
6 KB 244ms
164ms Image
image/png 104.19.154.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/5417298/66b04195-5274-4fb4-b37e-b7858df94db1.png

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.154.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

776746fcb8c8067d9a60fdd74f723cfe17c0cea2c44b5366394422017da20a05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:52 GMT
x-amz-version-id: null
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: 9RFKB3JCR80EAYSS
x-amz-server-side-encryption: AES256
content-length: 4701
x-amz-id-2: DO1I7auM0oHuAM/YmAUnGxMdPUJVlOlPjyHIDjQPTzyGBrkW86G4kUiHdvkFL20sNzU+PgcvOZU=
last-modified: Fri, 18 Sep 2020 16:07:03 GMT
server: cloudflare
etag: "6f81b52757e52d9758328bf923673592"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lA7vNZ50xWqZVckpEAvBHy%2F07Dks9q8xh2GLzu%2BXK2AfHZRzphmVk%2FGSg4aCcP5wVYuOYeR86wM0YN2J4h4fzcFGZC5vdizVrbtIwDV7YRB%2B%2BRWttL9AB2mRAqJfFR7pf3A60Ilo"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8599b9ea2fd17114-YYZ

GET
H3 200 current.js Show response
bluetriangle.com/hs/cta/cta/ 18 KB
8 KB 142ms
142ms Script
application/javascript 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs/cta/cta/current.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

db7d4517c08bd45d9c379997b693687663a2471c927810bdcac5a8772c68e741

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 374
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.258/bundles/current.js&cfRay=8599b0c9159053e3-YYZ
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"95737e927a3038e3528bc4fdd069fbeb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.258/bundles/current.js
date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 a4f9ca051b97c1ac09e2af244690d376.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: D_jvS6jy9FLgzk8cWis5IHsS7l5vauMB
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: d0942b5c-66d3-4bf4-bc78-3b1b1a5e6473
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: d0942b5c-66d3-4bf4-bc78-3b1b1a5e6473
last-modified: Tue, 13 Feb 2024 11:42:13 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6pmrvvBBNo0I2%2Bky43BBYfZkO7x9eiX%2FrFCI%2B81swIwXBr8umDuE%2B6glkZJvUlAyNjyTTJGwiuxlwhV8TB%2Btrir%2B0K1PSsFcib0WbNEc8b41XcY5FzpRdFJBqAoray45PgU%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-748b697-28qr8
cf-ray: 8599b9e99dd553e3-YYZ
x-amz-cf-id: 8Zrg7HqsMnOef_xwVu6P867YXfNdgvPEll0UWEu9HSpy0cDYIJi4og==

GET
H2 200 widget.js Show response
assets.calendly.com/assets/external/ 53 KB
19 KB 196ms
125ms Script
application/javascript 104.18.41.175
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.calendly.com/assets/external/widget.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.41.175 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3eb9b294b344cf47c2af14fafe8528fccc545cb25b9325802a3bd1b0696171b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Wed, 21 Feb 2024 21:28:30 GMT
cf-bgj: minify
server: cloudflare
age: 115
etag: W/"3be18f0a18cf9980a421cf1577f639f4"
vary: Accept-Encoding
content-type: application/javascript
content-encoding: br
cache-control: public, max-age=300
cf-ray: 8599b9ea2e5ea208-YYZ
expires: Fri, 23 Feb 2024 19:44:52 GMT

GET
H3 200 the-anatomy-of-a-magecart-attack-featured-iamge.png
bluetriangle.com/hubfs/ 518 KB
519 KB 431ms
431ms Image
image/png 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hubfs/the-anatomy-of-a-magecart-attack-featured-iamge.png

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

559d3222f76f6992d0dc335f3ebee4647962c126c7916b196c5e719411fcdf95

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 fa233eda5c1020134ebe64d4b888f816.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-8973445120,P-5417298,FLS-ALL
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: YTO50-C2
x-amz-request-id: 9RFJ4DK7Q0JNMSBB
x-amz-version-id: mGN2E5yUBUryvrf5K2TeoyVO3bxMgHJH
edge-cache-tag: F-8973445120,P-5417298,FLS-ALL
cache-tag: F-8973445120,P-5417298,FLS-ALL
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 530461
x-amz-id-2: Q9U4Rvr7PBiY0Q6CLLl40vQ50OXOR9CMF6dpWNX9WV259D0ZedPdHNTX+QOVnP0gcFQhkvmodzI=
last-modified: Thu, 18 Apr 2019 14:56:16 GMT
server: cloudflare
etag: "73ad7f0ef8d97e5ba717bdcc33c8a08a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cDb4fQA2qmH3wqAYMo7pxKgNY7a8%2BhTZVlWEQjZ64t%2BGAKvU2rBEXt3Q8uhcnHAAxxSRvFbajqggH2WMgXm9F0dFCwLDnTEZTpEIRWIJ7yWkjD5RkXb%2FfbkTDeC7Ud08ijU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8599b9e99df653e3-YYZ
x-amz-cf-id: wWEEkT7A4diw-bX-e--CvWMGxI1vIbTD1lK6RX16e6vVOW5YIRcjmA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 cta-arrow.png
bluetriangle.com/hubfs/Bluetriangle%20Blog%202022/images/ 173 B
1 KB 340ms
340ms Image
image/png 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hubfs/Bluetriangle%20Blog%202022/images/cta-arrow.png

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c08b26454b2056df62e06dfe14697bfa8b14413d2c71bb2b11233cbaa582c25

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-90760568354,FD-90760640880,P-5417298,FLS-ALL
x-amz-request-id: WXTS9NF9JAR2BRC1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-90760568354,FD-90760640880,P-5417298,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "06f4bcc0543f53ede30882d095ae77e8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1667798579478
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 3f97ce77b80aa342632c43cea94d6262.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KAgehLbLi5fj50dVAKEzDoYmnKwbdhAX
x-amz-cf-pop: YTO50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-90760568354,FD-90760640880,P-5417298,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 173
x-amz-id-2: mLegVIAnRqiGmrdaTdjAABIBM7albCeia2vGxNB1gMQM7STL4Gb3bQOIk1CybYQ0BIF9GuY9FR0=
last-modified: Mon, 07 Nov 2022 05:23:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FbPkIaQ8WlYhp3JN%2FtCckiPm99efsimBHkER1RaXDpHiS1tLplQ4djo4wpW4kiTRWHckmpRfFdvb18y%2BBwNm7fGbLKidSpcC9YVKkiiyB%2B6Zg0phkgfEWHXsVW9rZJ%2Fahp8%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8599b9e99dfb53e3-YYZ
x-amz-cf-id: ANV4szKlJlAXOlVknqH46KKEyWR_L_Kz0XbzTKAook6EuYZPcs53Ag==

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 56 B
361 B 212ms
57ms Script
text/javascript 23.73.233.5
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.73.233.5 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-73-233-5.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 22 Feb 2024 19:44:52 GMT
server: Oracle API Gateway
opc-request-id: /34C0B3DE5142B6D920B43AC39F80798B/3AE6B785CB6FA5B3A1C4D1E0E251CE25
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H3 200 read-our-reviews.svg
bluetriangle.com/hubfs/Bluetriangle%20Blog%202022/images/ 4 KB
3 KB 356ms
356ms Image
image/svg+xml 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hubfs/Bluetriangle%20Blog%202022/images/read-our-reviews.svg

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c2b226df1b47bf72f0883335413060def803191a5f37b3da3fbc6d6b571f1e0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-92037107497,FD-90760640880,P-5417298,FLS-ALL
x-amz-request-id: 06BGXPN3PXX7RCW3
x-amz-server-side-encryption: AES256
edge-cache-tag: F-92037107497,FD-90760640880,P-5417298,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"35906af48458d86ff7e0d5fcb6ea5694"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1668692832563
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 b6b3763e07a2a3280ef90f8be16c62e2.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: _qyDPC46FKzW1CSQdTQ9.vD5RbbyIqEw
x-amz-cf-pop: YTO50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-92037107497,FD-90760640880,P-5417298,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: pEH3AwJMZGe7CC3no/lEAdtUL6+WGbUL//Kn1drF5egsK3za9I5+OLrp6FkSxpFSRV2Lpfy7yb13AluFpxiNag==
last-modified: Thu, 17 Nov 2022 13:47:13 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t%2BFqec0TYRrOSmkuWHeHMFjVPQwjUsOSMRzVT3EKz7cubYYFHDvT1wzXWZ4xedw4Qj8PWWHCdhcW6Fo35ou0QcFOiuLt7mmJA9vZStN%2FSq0WrnbR5qgwLtOg%2FdEoWJQgw7w%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8599b9e99dff53e3-YYZ
x-amz-cf-id: Lt8w8x86TiDvYJ_VPKmqgTIbEFv-AZ0tm5mVY75-gjO8ZbIX-OIfbw==

GET
H3 200 BT-ALL-C.svg
bluetriangle.com/hubfs/ 9 KB
4 KB 403ms
403ms Image
image/svg+xml 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hubfs/BT-ALL-C.svg

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ab9900a87522e2048902d4e744b6bf373c2a4f6463859c8966fe95099226b6a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-123715111509,P-5417298,FLS-ALL
x-amz-request-id: 9RFJM1XWVRKZH167
x-amz-server-side-encryption: AES256
edge-cache-tag: F-123715111509,P-5417298,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"d5f4b105a176cc5bbb6323594e7bf801"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1688715718567
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 b90bbd3e21074296bb0c0cac8328de62.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: wnss2jailfXXUq5WJ6v3E07aQVuDnRDP
x-amz-cf-pop: YTO50-C2
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-123715111509,P-5417298,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 983qSiht6BE1GMhGbH4/TLGeDoLqrwojJqfvQe2QNQgfyuVMVn1AmBtZbky8d5TIyEQk7jtnYQxApWv8GYxi6jR3xdJoqwwy
last-modified: Fri, 07 Jul 2023 07:41:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o6ET1EF7tnA%2Bem4YCZIkUGGKjgJy%2B3wj8XALIC1bC3dOgRBKnokHI80%2BO6E7W3HpJiy1MpClMPsjdouVX6dR0KgocCulZ%2BTQEF4PwD3LeYd3QB7zxQP0jeBQCm2cq8R60U8%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8599b9e99e0653e3-YYZ
x-amz-cf-id: Ay7uzz7MSdzh2eY1S2RsDh09UfBkCodVo_DCFAsgJNLEwCyJQs3qDg==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 107ms
50ms Script
application/javascript 104.18.176.93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.176.93 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:52 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 2cf47d29654db45db9bba43a6d5a68e0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: YTO50-P1
age: 118290
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BgYWxOYe1XYOP%2BqtOfQ7yLbQ3K5YHhLxtZIbhKF3UkxqZVN6gTkO2HMmsgEEhzn9Q0Qi0cQnw554MOd9lt3DZtmH3qyg%2B5ZJqL%2F8L28W%2Fr9QE66T%2FHk6lNMrAqa2EXZXqzCud70O%2Bg0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8599b9ea0ec136a9-YYZ
x-amz-cf-id: tBHkRrFKz_CdpS4TT3z2zDOFhMMQ0iJhJurHAQYei-UNXrCmNF24Ow==
expires: Fri, 21 Feb 2025 19:44:52 GMT

GET
H3 200 main.min.js Show response
bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501047592/1668510515798/Bluetriangle-Theme-Resource-Blog-2022/js/ 2 KB
2 KB 166ms
166ms Script
application/javascript 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501047592/1668510515798/Bluetriangle-Theme-Resource-Blog-2022/js/main.min.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3377f892c039fa7a6edf1d077fbb770b4a54490f8ed5a32fc735f357e5beaf57

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: S9TFZ945JE740R2S
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"35078a10112da6c03894e5c386f565ea"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1668510516002
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 936f33bed45438343f0ef2adff442814.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: BXqxENulVFqRKnH5PU58_xbODvx.fnID
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: ac7d7f1f-7bf8-4650-b6bd-48ad4d37c494
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 158
alt-svc: h3=":443"; ma=86400
x-amz-id-2: OQYf0ja2jr3Vu8zyFwZt66IrwrbUg2574f/oYL9DzRri8O1W4RgdLf9of/6aRw4qsGV7OYBpTQE=
x-evy-trace-route-configuration: listener_https/all
x-request-id: ac7d7f1f-7bf8-4650-b6bd-48ad4d37c494
last-modified: Tue, 15 Nov 2022 11:08:37 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hsLW22DSwVF77TH5gOgHqj6HY2G5prLZ5JtDK1MBzTqpWM4dE86UKzgn%2BCYyDGGyj7wsW9oGEWFaPFMrAT%2B%2FTw9AJZ3I5yS14Nsu83e%2B1bC%2BNb6%2BsNVPDFhJXX2fxTxFIN4%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-mxtb7
access-control-allow-credentials: false
cf-ray: 8599b9e99dd853e3-YYZ
x-amz-cf-id: oA3uE6-DGe2i9B_qsgiJb0JToPRIGGv3drP2qsz4kr30N3As2TA6dQ==

GET
H3 200 menu.min.js Show response
bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/91725263995/1668510514419/Bluetriangle-Theme-Resource-Blog-2022/js/ 5 KB
3 KB 143ms
142ms Script
application/javascript 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/91725263995/1668510514419/Bluetriangle-Theme-Resource-Blog-2022/js/menu.min.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb2fd6be44bd4579b0f2874634b177065d0ec8a4cc234bd93d990b497e496996

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: A45GT0DHSSEXGZQ4
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"de848f5b3609d89fce7aa2f701c3f1e6"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1668510514726
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 c2ab43aa4f5ff7b5cc58894f6a8494bc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .mVtrdh7whFT4HxZ4YqCJbzzcjFWSChc
x-amz-cf-pop: IAD61-P3
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 8be16a75-1a9c-4847-872e-13bf8e61f49b
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 196
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 98RgXLnMES+xUDOxXELGREjUgdD2WGo+nomutHOQDcodteLxWzPPJbUkEwwTgIfaoMecwM4sSJE=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 8be16a75-1a9c-4847-872e-13bf8e61f49b
last-modified: Tue, 15 Nov 2022 11:08:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lSgCfelYMlTuK%2Fehd8txTt1nJiQ6YTuMlZ7kAVN3iBh0Rq%2FjfFWvoEGMmvvYcrwLlUnUy3C0TYGVJwN1DOqNODb0JTbBUe1fDJ0XX0lLgPWbBiLmRwTJJj3U6RDYTEynICk%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-5sf4f
access-control-allow-credentials: false
cf-ray: 8599b9e99ddd53e3-YYZ
x-amz-cf-id: UqzFY567a3cx5L9y8YmBqSIwOM7w7kBsYNTZJFsDxBPL6Wx53MT-_A==

GET
H3 200 owl.carousel.min.js Show response
bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/91069965182/1668510513474/Bluetriangle-Theme-Resource-Blog-2022/js/ 43 KB
13 KB 114ms
113ms Script
application/javascript 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/91069965182/1668510513474/Bluetriangle-Theme-Resource-Blog-2022/js/owl.carousel.min.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: MSBHDHKYWBKZDCMA
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"f416f9031fef25ae25ba9756e3eb6978"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1668510513474
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 05c82d802dd7dc7f98fd5d5083d604ba.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Na0F6vKUtcNovPjtk1b9b8t9lGvUer91
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5306e528-4ed4-45ca-ba32-3c7669d7e1b7
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 150
alt-svc: h3=":443"; ma=86400
x-amz-id-2: taZzNRY5fRK1NfOXYutF37EdT5KyI77e1STZh5R2EpsuH603aF7Lqirwbl501ocskYgLp+I4RtQ=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5306e528-4ed4-45ca-ba32-3c7669d7e1b7
last-modified: Tue, 15 Nov 2022 11:08:34 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ny1dYT0Zu3iEkLeWGtzocDVmR7kqxPJz96lgP73XdT9%2BD3REPTcX3XuygNIh5RhcHg8fxAaavL3ejqh3X6vP%2FGw0pjUd%2B3qNMVc%2F2t8sWMGhnM1kLxmK0mLeiXVvxii2FxE%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-2skps
access-control-allow-credentials: false
cf-ray: 8599b9e99ddf53e3-YYZ
x-amz-cf-id: EcHleex-OZrMRChEikXpomDTFW1Y4GCGvH30Gxxrsl6OlsVseMCWsw==

GET
H3 200 jquery.sticky-kit.min.js Show response
bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/91076366622/1668510512601/Bluetriangle-Theme-Resource-Blog-2022/js/ 3 KB
3 KB 144ms
144ms Script
application/javascript 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/91076366622/1668510512601/Bluetriangle-Theme-Resource-Blog-2022/js/jquery.sticky-kit.min.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

aea9247caa72834f36dc478737e62fe270bd543ade4c8a7b4f7349d4573dce30

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 0FK22Q8ARJ214S6T
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"e174277c4102323d6552aa6c924214a9"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1668510512601
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 f2c051917a765f1d1a1cd2ce1622adb8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: u2cyaaKpug1CvouG43X.FRCxCyj.1XeW
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 30bb86a5-2ea5-4a1a-a8a4-d7cb620c229a
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 172
alt-svc: h3=":443"; ma=86400
x-amz-id-2: qk9hzjmQfrevCafGKrdegLAQt9wJi5ueRJ4AnkMb4l/aoyQt7NsbCasDnrjclG74QI/EkjuH5aw=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 30bb86a5-2ea5-4a1a-a8a4-d7cb620c229a
last-modified: Tue, 15 Nov 2022 11:08:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GTbykXIX9IjW58%2Fdkjt%2BSa6%2FiXxrRDfnkRxTh%2FJNoOdkxxmFkUyOry%2FyGRcChE6yzUTt28lrdg6BIJmJuVtiZfyXbQw13pHXZV4%2F7AZap8%2FdBCyZ3yOdsQQihOvEj%2BpsDRc%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-l5wpd
access-control-allow-credentials: false
cf-ray: 8599b9e99de153e3-YYZ
x-amz-cf-id: WJ12LT3PigzF2NFkGt6yvwTH7_FK7OBdEl79Ls24G06IRIvDQQrRqw==

GET
H3 200 5417298.js Show response
bluetriangle.com/hs/scriptloader/ 2 KB
1 KB 171ms
170ms Script
application/javascript 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs/scriptloader/5417298.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b37b305ef946672b9e7dabeffa5d5e007a1ee9850403c59b55ec5f9941294b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 6cf08120-7761-489c-b5ee-5f2a66bd4e63
content-encoding: br
x-envoy-upstream-service-time: 8
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6cf08120-7761-489c-b5ee-5f2a66bd4e63
last-modified: Thu, 22 Feb 2024 18:39:36 GMT
server: cloudflare
x-trace: 2B2DD635C505583050A46CD01BCAA00C7F51B7259D000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://bluetriangle.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-f7f4ffb8f-fdnfk
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xoRI2Y7XjHbn8F6drAmhPQLjyRVB6bjWn8E%2BOPmwRW1G8JnuBYDQDnKg1umV5R0gLc%2Fh3mEUuxJITYsefU00mfCdsIhUul1E0J8k3VL%2FZfKw6ghIPfVUPfTz29LpWlZA9gY%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8599b9e99e0953e3-YYZ
expires: Thu, 22 Feb 2024 19:46:22 GMT

GET
H3 200 index.js Show response
bluetriangle.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 108ms
108ms Script
application/javascript 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 20f9576431d2962bf870247ded502538.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 7204500
x-amz-cf-pop: YTO50-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DWrWRLW7pFeg3poV3rnvLrKN0ibrulfswIYNQfEZkIX55tTokHDhdE9LVHJfu%2Bhzu4w0SEWkJHcILB0HKPtVREqet9NNjOAX2h2%2Fsx6KNoWQKLHbvLN72WFzMO8XPw6MdEs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8599b9e99e1053e3-YYZ
x-amz-cf-id: Wm5YXWtJ1NPeBa3JfBd6j1W9s55xAskXaivkpUCrUYozbeueIt_Bzg==
expires: Fri, 21 Feb 2025 19:44:52 GMT

GET
H2 200 all.css
pro.fontawesome.com/releases/v5.7.1/css/ 77 KB
16 KB 220ms
153ms Stylesheet
text/css 104.18.40.68
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.fontawesome.com/releases/v5.7.1/css/all.css
Requested by: Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.40.68 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9db1b06a7cfcabc0a842a496f6af2ab20c2e9aa6482210313b3c1588f4a066a

Request headers

Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
Origin: https://bluetriangle.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:52 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Mon, 28 Jun 2021 17:35:05 GMT
server: cloudflare
x-amz-request-id: 9RFW67K6SWJFYNTQ
etag: W/"8f17a5dd66766d27715ec7925ed120fe"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
access-control-allow-origin: *
content-type: text/css
cache-control: max-age=31556926
cf-ray: 8599b9ea1f0fa246-YYZ
x-amz-id-2: lo6yhk0B5HuGg/oS0cJXqiHQeIJOD08AGrTBwCdLbCUOv0Nv8okscGuDrSIcGtd0QDotbmkIECY=

GET
H2 200 css2
fonts.googleapis.com/ 9 KB
1 KB 146ms
56ms Stylesheet
text/css 142.251.35.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:wght@100;300;400;500;600;700;800;900&display=swap

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/css/theme-overrides.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.35.170 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f10.1e100.net

Software

ESF /

Resource Hash

09086c130a1b3f32bc414e76a9243bb0ff0850e0047c3b24918b4a080a6feb69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/css/theme-overrides.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 22 Feb 2024 19:44:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 22 Feb 2024 19:44:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 22 Feb 2024 19:44:52 GMT

GET
H2 200 font-awesome.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 37 KB
6 KB 96ms
40ms Stylesheet
text/css 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/css/theme-overrides.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 501803
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5884
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-9226"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GmeqRf3Cc6EHFParw%2FiWEjls2Z5qr9xhauFRhCDuSorbGguPrGNM22IRvhg4NmfCUAxIjMt5BXhb7%2Bez6Con6ahd%2F8BR87qp%2BW%2B2rgyNwbo6N8yRetVTFPj4N0jIP4pDT7zxZG%2Fz"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8599b9e90eef36bf-YYZ
expires: Tue, 11 Feb 2025 19:44:52 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 272 KB
94 KB 205ms
108ms Script
application/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T6RRHK

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.8 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

dc98485f923213df395cf95a4988e2afff2035014d41a0fc8f582057f414aa69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 96573
x-xss-protection: 0
last-modified: Thu, 22 Feb 2024 19:21:12 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 22 Feb 2024 19:44:52 GMT

GET
H2 200 d98d3xe09x Show response
www.clarity.ms/tag/ 1 KB
1 KB 181ms
63ms Script
application/x-javascript 13.107.246.40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/d98d3xe09x
Requested by: Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.246.40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e5be1e5872552c72fb56ed101a552da3401a173690b524d38aab4e85c5c6d18b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

expires: -1
date: Thu, 22 Feb 2024 19:44:52 GMT
x-azure-ref: 20240222T194452Z-hfbdfx5yp57thcnxacutz32s380000000a9g00000000f427
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 1025
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 hockeystack.min.js Show response
cdn.jsdelivr.net/npm/hockeystack@latest/ 19 KB
8 KB 77ms
25ms Script
application/javascript 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2fc22c99a8447321e0e800f54a583cae3dbed366e4dca934944be59a5953938f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 22 Feb 2024 19:44:52 GMT
x-content-type-options: nosniff
content-encoding: br
age: 10819
x-jsd-version: 1.3.173
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7852
x-served-by: cache-fra-etou8220035-FRA, cache-yyz4539-YYZ
x-jsd-version-type: version
etag: W/"4c8a-kueMVI5sPqOERZ+YZ6/SccBLCTs"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 btn-arrow11.svg
5417298.fs1.hubspotusercontent-na1.net/hubfs/5417298/Bluetriangle%20Blog%202022/images/ 692 B
1 KB 215ms
146ms Image
image/svg+xml 172.64.146.132
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5417298.fs1.hubspotusercontent-na1.net/hubfs/5417298/Bluetriangle%20Blog%202022/images/btn-arrow11.svg
Requested by: Host: bluetriangle.com
URL: https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/css/theme-overrides.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.132 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60de9041e9d0b7fcb62607e1130b09faaf065dd590b627f4d67fce11b54e9e38

Request headers

Referer: https://bluetriangle.com/
Origin: https://bluetriangle.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-91737108267,FD-90760640880,P-5417298,FLS-ALL
age: 191793
x-amz-request-id: 3FZ3P8D0P6T4Q4WM
x-amz-server-side-encryption: AES256
edge-cache-tag: F-91737108267,FD-90760640880,P-5417298,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"cd1a60306ea26fe27deca67efc8871fe"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1668514944834
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:52 GMT
via: 1.1 cd7813a109893bc5bd95f0672350e59c.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: fzDd1wML91vxwsZkf82LGN9oS2ACq3nF
x-amz-cf-pop: YUL62-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-91737108267,FD-90760640880,P-5417298,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-id-2: AjLchJVCyzjP6cdr8yR6rKIn77ULh27gK+CGkgck00eb3Lvg0wyNd0ADNV0NY0Y9mi57Z9ow3Y4=
last-modified: Tue, 15 Nov 2022 12:22:25 GMT
server: cloudflare
cf-ray: 8599b9ea382a369c-YYZ
x-amz-cf-id: BWRslXQSdnfE-hrtCXGSy3-qu46iU0WUaJYiKRU3XToFpE5-cbs8JA==

GET
H2 200 blog_banner_left_shape.png
5417298.fs1.hubspotusercontent-na1.net/hubfs/5417298/Bluetriangle%20Blog%202022/images/ 5 KB
6 KB 168ms
113ms Image
image/png 172.64.146.132
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5417298.fs1.hubspotusercontent-na1.net/hubfs/5417298/Bluetriangle%20Blog%202022/images/blog_banner_left_shape.png
Requested by: Host: bluetriangle.com
URL: https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/css/theme-overrides.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.132 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ddc95d932799d0cb415df96a68f7c435d1dd90e522e3d6c130386c3de2e45ed

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-90763009906,FD-90760640880,P-5417298,FLS-ALL
age: 19787
x-amz-request-id: SHNDSD283NHY8KY7
x-amz-server-side-encryption: AES256
edge-cache-tag: F-90763009906,FD-90760640880,P-5417298,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "7187e3e828a10ec93e78540599b09c3b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1667802374996
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:52 GMT
via: 1.1 4074a79e28cc4b1a455d24b3546c6c94.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: o2TCOR0Va4P4wCR3h2LLr334k4YghYzP
x-amz-cf-pop: YTO50-C2
x-hs-alternate-content-type: text/plain
cf-polished: origSize=10816, status=webp_bigger
x-cache: Miss from cloudfront
cache-tag: F-90763009906,FD-90760640880,P-5417298,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 5088
x-amz-id-2: fNhEUDnYgpgBQWm4DHihTlrXbzOWbJ6TXmg4oyolKO7Ufeo4J1FUanTFHL7S4qX6sn2PQqFtLjo=
last-modified: Mon, 07 Nov 2022 06:26:16 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 8599b9ea4c4236b4-YYZ
x-amz-cf-id: apcxc44ODeg7XEpNgP8cCaHUcu9prEeYzPXxxQLifFrkZPFG2S_R9w==

GET
H2 200 big_Line.svg
5417298.fs1.hubspotusercontent-na1.net/hubfs/5417298/Bluetriangle%20Blog%202022/images/ 177 B
983 B 399ms
344ms Image
image/svg+xml 172.64.146.132
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5417298.fs1.hubspotusercontent-na1.net/hubfs/5417298/Bluetriangle%20Blog%202022/images/big_Line.svg
Requested by: Host: bluetriangle.com
URL: https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/css/theme-overrides.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.132 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9f39fc22eccfef4525527f0bc75525e3fa522f5bd1bd2b18d29ebdbd1ae00cb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
via: 1.1 b90bbd3e21074296bb0c0cac8328de62.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: MISS
x-amz-meta-cache-tag: F-90763091305,FD-90760640880,P-5417298,FLS-ALL
x-amz-version-id: .4RKP2YOW3dmHDUSNK4V2B1Rqjle9RwH
x-amz-cf-pop: YTO50-C2
x-amz-request-id: J2N26ZQZFN8A3D99
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
edge-cache-tag: F-90763091305,FD-90760640880,P-5417298,FLS-ALL
cache-tag: F-90763091305,FD-90760640880,P-5417298,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-id-2: IkalG/2qHc0PDV2XdZnTTnb/Cee7W+bjf4N1JXcUW9CELf5O+JoIiSf6O+3KxmUuU9t/VTzdPJEu9asJ5B5VX87U7SxnuLGATMSMXKwKVk8=
last-modified: Mon, 07 Nov 2022 06:48:04 GMT
server: cloudflare
etag: W/"e9332d0a760d8eead922a57674107c91"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1667803683465
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 8599b9ea4c4436b4-YYZ
x-robots-tag: all
x-amz-cf-id: w5C5rao8E9_bDbqaRbOrqKTV2Z9DbXYxdxoJgWc8YAH-RLXkpDYxhA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 banner%20right.png
5417298.fs1.hubspotusercontent-na1.net/hubfs/5417298/Bluetriangle%20Blog%202022/images/ 5 KB
5 KB 178ms
123ms Image
image/webp 172.64.146.132
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5417298.fs1.hubspotusercontent-na1.net/hubfs/5417298/Bluetriangle%20Blog%202022/images/banner%20right.png
Requested by: Host: bluetriangle.com
URL: https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/css/theme-overrides.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.132 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af16b484b637cbb02d10f4339aafe1f8e4d781ba01994e2ef2fbb0ba143baa44

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-90765064056,FD-90760640880,P-5417298,FLS-ALL
age: 19787
x-amz-request-id: HZW31C9ZMZGPAN5A
x-amz-server-side-encryption: AES256
edge-cache-tag: F-90765064056,FD-90760640880,P-5417298,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="banner%20right.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "ec156660b35a46350f1f26944b04c2f9"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1667804234309
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:52 GMT
via: 1.1 b6b3763e07a2a3280ef90f8be16c62e2.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: 6YyOdzHDC5_Xqdvfs9.KGT5stCO9upKR
x-amz-cf-pop: YTO50-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=12891
x-cache: RefreshHit from cloudfront
cache-tag: F-90765064056,FD-90760640880,P-5417298,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 4692
x-amz-id-2: AkWRxWkTmYYqNpNWu39Bm26ljAR8BrBgHN/xQGnVF06WwVQb5eYB50eWQHjHtX0c3c5Ui+e1sIY=
last-modified: Mon, 07 Nov 2022 06:57:15 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 8599b9ea4c3f36b4-YYZ
x-amz-cf-id: i4ro2N2ovuHkm5vaIbV3bQpjzAqw9dxEtMIDTTkNjo26MGI1iDEKIA==

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 152ms
67ms Font
font/woff2 142.250.81.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@100;300;400;500;600;700;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.81.227 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f3.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bluetriangle.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 07:47:32 GMT
x-content-type-options: nosniff
age: 43040
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Feb 2025 07:47:32 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 131ms
47ms Font
font/woff2 142.250.81.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@100;300;400;500;600;700;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.81.227 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f3.1e100.net

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bluetriangle.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 07:56:13 GMT
x-content-type-options: nosniff
age: 42519
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Feb 2025 07:56:13 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 126ms
43ms Font
font/woff2 142.250.81.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@100;300;400;500;600;700;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.81.227 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f3.1e100.net

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bluetriangle.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 07:33:56 GMT
x-content-type-options: nosniff
age: 43856
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Feb 2025 07:33:56 GMT

GET
H3 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 76ms
46ms Font
application/octet-stream 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Origin: https://bluetriangle.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:52 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 6047860
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 77160
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-12d68"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kcT5gzvV0TObDORCYTf6z4Rd0jCwSoBcXYxZmqUsJdQ02uXe5mksdNZ8T7cwCCUmlrUWB4KArCCt40wSLzSfpFzNvftm5sXZs8wGs9TIHi%2Fb7aVYSvO%2FfhWcEieLe9uOipcR9G5M"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8599b9e9f80c36af-YYZ
expires: Tue, 11 Feb 2025 19:44:52 GMT

GET
H2 200 pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 7 KB
8 KB 145ms
64ms Font
font/woff2 142.250.81.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@100;300;400;500;600;700;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.81.227 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f3.1e100.net

Software

sffe /

Resource Hash

17ea10196a490a8d3b8da162c7d4af9c301c5229f70af90dad6fa33eb951d83f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bluetriangle.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 07:53:55 GMT
x-content-type-options: nosniff
age: 42657
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7632
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:09:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Feb 2025 07:53:55 GMT

OPTIONS
H/1.1 204
No Content send
data.hockeystack.com/ Frame 0
0 389ms
121ms Preflight 18.196.170.251
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://data.hockeystack.com/send

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.196.170.251 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-170-251.eu-central-1.compute.amazonaws.com

Software

nginx/1.24.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://bluetriangle.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://bluetriangle.com
Access-Control-Max-Age: 3600
Connection: keep-alive
Content-Length: 0
Date: Thu, 22 Feb 2024 19:44:53 GMT
Server: nginx/1.24.0
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

POST
H/1.1 200
OK send
data.hockeystack.com/ 16 B
552 B 363ms
124ms Ping
application/json 18.196.170.251
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://data.hockeystack.com/send

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.196.170.251 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-170-251.eu-central-1.compute.amazonaws.com

Software

nginx/1.24.0 /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 22 Feb 2024 19:44:53 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
Server: nginx/1.24.0
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
X-Download-Options: noopen
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://bluetriangle.com
Vary: Origin
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 16
X-XSS-Protection: 1; mode=block

GET
H2 200 web-performance.js Show response
www.clarity.ms/s/0.7.20/ 22 KB
10 KB 45ms
44ms Script
application/javascript 13.107.246.40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.20/web-performance.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/d98d3xe09x
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.246.40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: b6ce8b9b3325199e5326b6709cfc50f8c0d1e1323aced65a85d9286925783a73

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:52 GMT
content-encoding: br
last-modified: Wed, 24 Jan 2024 14:33:21 GMT
etag: W/"0x8DC1CE96A687629"
vary: Accept-Encoding
x-azure-ref: 20240222T194452Z-hfbdfx5yp57thcnxacutz32s380000000a9g00000000f42b
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 78db683a-501e-0064-531c-5fdf43000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

GET
H2 200 bott.svg
5417298.fs1.hubspotusercontent-na1.net/hubfs/5417298/Bluetriangle%20Blog%202022/images/ 193 B
674 B 68ms
67ms Image
image/svg+xml 172.64.146.132
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5417298.fs1.hubspotusercontent-na1.net/hubfs/5417298/Bluetriangle%20Blog%202022/images/bott.svg
Requested by: Host: bluetriangle.com
URL: https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/css/theme-overrides.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.132 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c59c0c431c5c32e278675305b6cbe01020242af504abda78b09c104f433506a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-91051921278,FD-90760640880,P-5417298,FLS-ALL
age: 19788
x-amz-request-id: SHN6HNVSXX64K1RF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-91051921278,FD-90760640880,P-5417298,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"0b756dc7edfa3ffe46a4e7ec53c2ff91"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1667996954685
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:53 GMT
via: 1.1 bf162a8b9bcf17e02f2843479d4278e2.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: 6.cxhjDUXXNuuVPcu46d0ZRoBGNz.6TV
x-amz-cf-pop: YUL62-P2
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-91051921278,FD-90760640880,P-5417298,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-id-2: P/KSIEfNmJ+SMGqt+gidjrsycoMPNEdtYGqBCtBPxXKk92+4y5sZ3Et55xM5rdL8V3fzBRMDV+k=
last-modified: Wed, 09 Nov 2022 12:29:15 GMT
server: cloudflare
cf-ray: 8599b9eb5dae36b4-YYZ
x-amz-cf-id: sS4QjfTZIP_DcUTdPfn7vwbswSo2KgvyrVUrSZyDDZGAAGMO59WBoA==

GET
H3 200 Footer-bg-1.png
bluetriangle.com/hubfs/ 9 KB
10 KB 312ms
311ms Image
image/png 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hubfs/Footer-bg-1.png

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

04b01f0402a6765741efab24dd00d1c8a4da6da9074f1f8f6330a686e9abd04a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-92036373763,P-5417298,FLS-ALL
x-amz-request-id: M5PSANJHXNMH881K
x-amz-server-side-encryption: AES256
edge-cache-tag: F-92036373763,P-5417298,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "948729da719878cfae9c9826d7a99b9d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1668691812811
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 71c905b4598d7bc2693cb47f711520b0.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 9u6Iys5VZnf7lguImSeDGVAY.q3LfhgY
x-amz-cf-pop: YTO50-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-92036373763,P-5417298,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 8962
x-amz-id-2: CeAIwKmwO/jEVfr4o+c6FsPSk6stqjL9an42jqwhnMRrq794BKVFQWL4pv5/iWZK9PCnJPCZD/U=
last-modified: Thu, 17 Nov 2022 13:30:13 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GHLuGZR%2BDOpASzmVNjTKD2%2BGtqglOb6BR6NMdbwgGXRJeo26VO9%2BOH8ZH%2FQX%2B9c1JUSKlW%2B%2Fqf1wWiYLVhmJ%2BksjAnQXcam5qAp4%2Fr5MGxqTFGWhcorMHp1Aeq%2BX54CzESw%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8599b9eb58ce53e3-YYZ
x-amz-cf-id: -KkLZ4u7xgtJg5Y9sMvHOKSgiKGXaaZRxlqpR6jmob2s9z8rT3Cmxg==

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 39ms
38ms Font
font/woff2 142.250.81.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@100;300;400;500;600;700;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.81.227 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f3.1e100.net

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bluetriangle.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 07:47:35 GMT
x-content-type-options: nosniff
age: 43038
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7840
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Feb 2025 07:47:35 GMT

GET
H3 200 json Show response
bluetriangle.com/_hcms/forms/embed/v3/form/5417298/84471c34-147f-46a4-a010-1f802480972e/ 10 KB
4 KB 271ms
271ms XHR
application/json 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/_hcms/forms/embed/v3/form/5417298/84471c34-147f-46a4-a010-1f802480972e/json?hs_static_app=forms-embed&hs_static_app_version=1.4733&X-HubSpot-Static-App-Info=forms-embed-1.4733

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

928d261a96884bd8a49872f8f1d543a78cc8b8ef8ef17cdef08042f8c50cbdcf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-origin-hublet: na1
date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 32b72d47-2fc2-4f1d-a3ae-8cf82d52de2d
content-encoding: br
x-envoy-upstream-service-time: 15
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 32b72d47-2fc2-4f1d-a3ae-8cf82d52de2d
server: cloudflare
x-trace: 2BA3645C4E4D8A6FD755CFD197BD3EEF74B4BE1D85000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-pd6kl
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gZl%2BI1PAlMS3Au1cs1YBPQG%2BVsm8wiHAmx9ojvgoaPbthgJ4vDoHnt0C9aOYgC5xEbH4KmbrC9uCANvqq2PGgHznV%2Fi33jn9IhQ4hlHBcB4GdOqQJGeTDelRDYceyOPGZSc%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8599b9eb791e53e3-YYZ
access-control-allow-headers: *
x-robots-tag: none

POST
H2 204 collect
www.google-analytics.com/g/ 0
254 B 141ms
54ms Ping
text/plain 142.251.35.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-5GRDCZF1Q1&gtm=45je42h0h1v880003119za200&_p=1708631092725&gcs=G100&gcd=13p3p3p3p5&npa=1&dma_cps=-&dma=0&gdid=dZTQ1Zm&cid=865640538.1708631093&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=denied&_s=1&sid=1708631093&sct=1&seg=0&dl=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&dt=The%20Anatomy%20of%20a%20Magecart%20Attack%20and%20How%20to%20Protect%20Your%20Site%20in%202020&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1154
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5GRDCZF1Q1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.35.174 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s78-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 19:44:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bluetriangle.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5417298.js Show response
js.hs-banner.com/ 61 KB
17 KB 132ms
74ms Script
text/javascript 172.64.153.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/5417298.js
Requested by: Host: bluetriangle.com
URL: https://bluetriangle.com/hs/scriptloader/5417298.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.27 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19b36d72c8b834372d3b7e0c39cf33e9a24931dc66be8161af08e86fdd10ffa8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
x-amz-version-id: B89xYWJxCaEnfrLnqGkbEPTFZu25oVI1
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: ZM8JTNXKE413DCNB
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 3b3ecb66-0ddd-49a7-b7b5-5d3075920e87
x-envoy-upstream-service-time: 45
x-amz-id-2: c1RX9m2wj+wOmNxGiFQ5BkUM46E1z4LnWz9aQbvPxiKl2h58Z3sVBeIAHepj0JMNdZpCxVUmmkNDPgjIqkrKqvEh40jHIoVK
x-evy-trace-listener: listener_https
x-request-id: 3b3ecb66-0ddd-49a7-b7b5-5d3075920e87
x-evy-trace-route-configuration: listener_https/all
last-modified: Tue, 06 Feb 2024 15:30:35 GMT
server: cloudflare
etag: W/"900cf35b7cd5c08a3af454cfa1fedb86"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://bluetriangle.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8555f56d-rk9w9
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8599b9ec7cda549d-YYZ
expires: Thu, 22 Feb 2024 19:49:53 GMT

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 83 KB
25 KB 180ms
104ms Script
application/javascript 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/hs/scriptloader/5417298.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee9f2f620122112ded1f6498ba96d1c797429ab7c07806f689ed5d7142c15973

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
Origin: https://bluetriangle.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.911/bundles/project.js&cfRay=8599b9ec9c6636c3-YYZ
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"0e31e7204888ce69b5f5486b7f3c8806"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.911/bundles/project.js
date: Thu, 22 Feb 2024 19:44:53 GMT
x-amz-version-id: 6TFkQJ5lE2FVj1l7Z_pBZDXw00jHreli
via: 1.1 3203c4b5504fa019a752072f0419ef6a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: bd3549b6-126e-4821-b2eb-0f5f216e3b69
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 7
x-evy-trace-route-configuration: listener_https/all
x-request-id: bd3549b6-126e-4821-b2eb-0f5f216e3b69
last-modified: Thu, 22 Feb 2024 11:41:13 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=apWmnJj%2FM9Jn3i%2FOZBwjhB0vD4pSJUytkh%2B7%2F6e6UYjg%2F8BT7pG0LAwdD8k6we%2BRP8Zir8CYNO3qJzhPxYqvOvHWsrH%2FrONhzz2cNideCDIc3RNeclC737VcBrw9yATD"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-576f9d768-jp2fd
cf-ray: 8599b9ec9c6636c3-YYZ
x-amz-cf-id: A01862H1Mpw4dVRUQWk3-x4nRsT2lKC6f0F0V5lj6CEo0NN6DaMrcA==

GET
H2 200 5417298.js Show response
js.hs-analytics.net/analytics/1708630800000/ 71 KB
22 KB 169ms
114ms Script
text/javascript 104.16.77.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1708630800000/5417298.js
Requested by: Host: bluetriangle.com
URL: https://bluetriangle.com/hs/scriptloader/5417298.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.77.186 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 998e353812042cec7abab227c888a8bc7183b0765cf58edec6b386f00f1ed1b0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 7Y8ZMBQJSNMWMSKT
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: e91755ed-732b-44e1-a76d-adeb89798192
x-envoy-upstream-service-time: 44
x-amz-id-2: utpIlruCAvHPbhsOqBIbxUNG4Od21lV3wgJ7fa6IB0mQGLX4eNGYeGeqxWDantitGsXc+IKL7IA=
x-evy-trace-listener: listener_https
x-request-id: e91755ed-732b-44e1-a76d-adeb89798192
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 03 Jan 2024 16:33:20 GMT
server: cloudflare
etag: W/"c283edc25a862de15c4e979018dfae64"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8555f56d-phrfm
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8599b9ec792039c3-YYZ
expires: Thu, 22 Feb 2024 19:49:53 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
88 KB 119ms
46ms Script
application/javascript 104.18.124.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/hs/scriptloader/5417298.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.124.12 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0eb564e8b104002217b23d191c384d64d77b30fa37b0f124db645e16096cfd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
Origin: https://bluetriangle.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-encoding: br
age: 6390
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1313/bundle/main/lead-flows-release.js&cfRay=85991dee5de0a228-YYZ
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"2a6dc24f5ac6c8a7eefaadde95ff2129"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1313/bundle/main/lead-flows-release.js
date: Thu, 22 Feb 2024 19:44:53 GMT
x-amz-version-id: ukHk26vS_rf4a6X6Ik2.9R2qKIwOxT4G
via: 1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: f7c24ec3-796c-474c-abb8-f6c84b879465
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 6
x-evy-trace-route-configuration: listener_https/all
x-request-id: f7c24ec3-796c-474c-abb8-f6c84b879465
last-modified: Tue, 06 Feb 2024 10:46:39 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-748b697-95tks
cf-ray: 8599b9ec99be36ab-YYZ
x-amz-cf-id: zDzXy-GcrmHEqZpdu6sR-D2R5L4LiW4zfRvGZHJhT57o6lML_ZpEcQ==

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 105ms
48ms Script
application/javascript 104.17.231.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/hs/scriptloader/5417298.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.231.163 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7b88f6ac1ab16f64fbef6c112cf90ec87b9ec392707cc68a0c24f4d79cab007

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
x-amz-version-id: xJ6gA7_aHqA2aBho2L24oFgDKE0QVk9F
via: 1.1 2a3aa853116c0a37d6c7762eca54d208.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 362
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.526/bundles/pixels-release.js&cfRay=8599b114ae875419-YYZ
x-cache: Hit from cloudfront
x-hubspot-correlation-id: fa9a93b9-9cda-458d-a250-889cd5a72f3e
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fa9a93b9-9cda-458d-a250-889cd5a72f3e
last-modified: Thu, 22 Feb 2024 18:18:35 UTC
server: cloudflare
etag: W/"e837f14dd4a646ee7c5997e3ab75b53c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-748b697-ln7lm
cf-ray: 8599b9ec8a075437-YYZ
x-amz-cf-id: IDPZ-HvhwXAzuRLPIzCVfKbJm5npJBkR8AjGbvy82RaU0rO8hKQtBg==
x-hs-target-asset: adsscriptloaderstatic/static-1.526/bundles/pixels-release.js

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
706 B 175ms
174ms Script
text/plain 104.19.154.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=5417298&callback=jsonpHandler

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.154.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 922e2479-7c58-42dd-9954-18474d09a889
x-envoy-upstream-service-time: 2
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8599b9ec2b4b7114&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 922e2479-7c58-42dd-9954-18474d09a889
server: cloudflare
x-trace: 2BBE145A15DDC0D77F85F1B2F7D5DC12C7838F41DC000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-576f9d768-4p57r
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 8599b9ec2b4b7114-YYZ

GET
H3 404 plus.png
bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/images/ 102 B
102 B 155ms
155ms Image
text/html 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/images/plus.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b06e4f9701667cbfb2c27b4955dfb26ad87cf2d410df01289c744f17a1a0257

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/css/theme-overrides.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 14d757a67b913f1bc93427e69819362c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: IAD89-C1
x-evy-trace-route-service-name: envoyset-translator
x-amz-version-id: oQ5g.LoAEFK3mdk3M1pWALQQ6oLrzuy3
content-encoding: br
x-cache: Error from cloudfront
x-hubspot-correlation-id: 0361ce95-1f8b-4364-9137-ce7495568fe6
x-envoy-upstream-service-time: 160
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0361ce95-1f8b-4364-9137-ce7495568fe6
last-modified: Tue, 19 Feb 2019 20:12:00 GMT
server: cloudflare
etag: W/"f6e4b6cdb45684ca8239a8161901d7ad"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4QioAtohiVTxp4Q%2F31mg5DPtK6sLvtUD9dGA%2BEnqtQ14lWSPQo2KSET4ie0vJ3z3UjRkxfBqqI2W6UrneWsGJH9GdUC26NeRGc%2F7gOzwYTrstWLLGTG7NYe%2B0mGG%2B0CJE5k%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5c8495489f-xmkhz
x-evy-trace-virtual-host: all
cache-control: s-maxage=300, max-age=600
access-control-allow-credentials: false
cf-ray: 8599b9ec3a5e53e3-YYZ
x-amz-cf-id: itYN0TBJpxk4WFZhlQYczTUD_CeeJTcGfvnfYG39B-BGwx81C1zgYQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 schedule-your-csp-manager-demo Show response
calendly.com/blue-triangle/ Frame CFA9 7 KB
4 KB 308ms
295ms Document
text/html 104.18.41.175
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://calendly.com/blue-triangle/schedule-your-csp-manager-demo?embed_domain=bluetriangle.com&embed_type=Inline

Requested by

Host: assets.calendly.com
URL: https://assets.calendly.com/assets/external/widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.41.175 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6098ccb73530dfabe3af94c2f3de535fd585c80cc0715b5dc28bc60afdd8e067

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL

Request headers

Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=0, private, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8599b9ec59d4a208-YYZ
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 22 Feb 2024 19:44:53 GMT
link: <https://assets.calendly.com/assets/booking/css/booking-25a44104.css>; rel=preload; as=style; nopush
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: ALLOWALL
x-request-id: 8eb3c4d70537cc68216866b4f1074e1c
x-runtime: 0.200123

GET
H2 200 btn-arrow11.svg
newbt.wpengine.com/wp-content/uploads/2022/11/ 692 B
650 B 318ms
138ms Image
image/svg+xml 34.75.101.160
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://newbt.wpengine.com/wp-content/uploads/2022/11/btn-arrow11.svg
Requested by: Host: bluetriangle.com
URL: https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/css/theme-overrides.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 34.75.101.160 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 160.101.75.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 60de9041e9d0b7fcb62607e1130b09faaf065dd590b627f4d67fce11b54e9e38

Request headers

Referer: https://bluetriangle.com/
Origin: https://bluetriangle.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
content-encoding: br
last-modified: Tue, 17 Jan 2023 15:15:26 GMT
server: nginx
etag: W/"63c6bb8e-2b4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H3 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 43ms
43ms Font
font/woff2 142.250.81.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@100;300;400;500;600;700;800;900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.81.227 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f3.1e100.net

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bluetriangle.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 07:32:03 GMT
x-content-type-options: nosniff
age: 43970
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Feb 2025 07:32:03 GMT

POST
H2 200 landing
pagead2.googlesyndication.com/pagead/ 42 B
455 B 167ms
72ms Ping
image/gif 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=13p3p3p3p5&rnd=543350929.1708631093&url=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&dma_cps=-&dma=0&npa=1&gtm=45He42h0n71T6RRHKv71697097za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T6RRHK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.98 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 19:44:53 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 45 KB
16 KB 153ms
39ms Script
application/javascript 23.40.179.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T6RRHK

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.40.179.200 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-40-179-200.deploy.static.akamaitechnologies.com

Software

Resource Hash

e9841d9258210b13f0870a80d02ce8f3224c8798d1c0d618f210a573ce96038e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 20 Feb 2024 09:12:49 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=31790
accept-ranges: bytes
content-length: 16480

GET
H2 200 btt.js Show response
bluetriangledemo500z.btttag.com/ 137 KB
32 KB 419ms
51ms Script
application/javascript 104.22.59.128
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangledemo500z.btttag.com/btt.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T6RRHK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.22.59.128 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31233067b3bddf82f31483142c218a8284b085e2c0a2406f7822d7d2b08b01e4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 22 Feb 2024 14:15:04 GMT
server: cloudflare
age: 19789
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8599b9eef80a5497-YYZ
content-length: 32129
x-xss-protection: 1; mode=block

GET
H2 200 stat.js Show response
www.clickcease.com/monitor/ 142 KB
43 KB 176ms
54ms Script
application/javascript 54.230.163.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.clickcease.com/monitor/stat.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.230.163.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-230-163-90.ewr53.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

889794fd02992011c4b843a05190531656d4c6148e6d4375be6bab3432b580d0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://clickceasebiz.com https://*.clickceasebiz.com; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: Cf02rYNryv9UIBzoGOQeQJTZ2QU2vf2Y
content-encoding: gzip
via: 1.1 4ce15cd7013298653f4333aa57416c80.cloudfront.net (CloudFront)
date: Thu, 22 Feb 2024 19:44:48 GMT
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https://clickceasebiz.com https://*.clickceasebiz.com; upgrade-insecure-requests;
x-amz-cf-pop: EWR53-C3
age: 8
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 12 Sep 2023 09:05:15 GMT
server: AmazonS3
etag: W/"e112b8bf96f23bc2970347a3c98e37fc"
vary: Accept-Encoding, Origin
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: microphone 'none'; camera 'none';
x-amz-cf-id: W72a8l47jtAs-u_HwAbK2Kn8kmEsKuiNXDeKCuZ95aWYS3zXFaaNeQ==

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 4 KB
2 KB 118ms
106ms XHR
application/json 104.19.154.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&pageId=8880541776&pid=5417298&sv=cta-embed-js-static-1.258&rdy=1&cos=1&df=t&pg=66b04195-5274-4fb4-b37e-b7858df94db1

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.154.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e34fad5aec7d94468881946a5130acbb155575eae5d775f18cfa478c9b6fd1b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-origin-hublet: na1
date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a22e9f0f-7671-402b-b985-146f79ca091e
content-encoding: br
x-envoy-upstream-service-time: 36
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a22e9f0f-7671-402b-b985-146f79ca091e
server: cloudflare
x-trace: 2BC3534C0F8C6F321C30C7D70E63B71B8C6934D25A000000000000000000
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://bluetriangle.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-s6b6d
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dSbvQRFl%2Fj2fXs3Zmbbxqs6BDXTSbPdcAdJ8B0qyD22aRPFart6WGR0u7ieDolW8GLa2eElFVFIHD61%2FZA4BIlmPttaTuP9Fl%2FkucgXzWrzv0v1oRqsCrqlgtQ8t72vqIM4V%2F1MpxMCDoS22yvg%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8599b9ec9c267114-YYZ

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
173 B 86ms
85ms XHR
text/plain 172.64.153.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/cookie-banner-public/v1/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/5417298.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.153.27 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 472b6857-4326-4bcb-b65c-08aaf625b246
x-envoy-upstream-service-time: 19
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 472b6857-4326-4bcb-b65c-08aaf625b246
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://bluetriangle.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8555f56d-rk9w9
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8599b9ee0b2ba1f9-YYZ

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 131ms
73ms Preflight
application/octet-stream 172.64.153.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.27 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://bluetriangle.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://bluetriangle.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 8599b9ed9a6ea1f9-YYZ
content-length: 0
content-type: application/octet-stream
date: Thu, 22 Feb 2024 19:44:53 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 7
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8555f56d-pbxg4
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: cbc23554-3e02-4033-b039-08cf5254c1b4
x-request-id: cbc23554-3e02-4033-b039-08cf5254c1b4

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1015 B 189ms
100ms Image
image/gif 104.18.176.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.176.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 19:44:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 40b93f02-f89b-4a54-8906-c06a4416bdf3
x-envoy-upstream-service-time: 8
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 40b93f02-f89b-4a54-8906-c06a4416bdf3
Server: cloudflare
X-Trace: 2BC0704A5B38EE27C169D6B872E8A35399F215EE2E000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-lxgwd
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 8599b9edee465401-YYZ

GET
H3 200 cta-loaded.js Show response
bluetriangle.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 152ms
152ms Script
application/javascript 199.60.103.99
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://bluetriangle.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=5417298&pg=66b04195-5274-4fb4-b37e-b7858df94db1&lt=1708631092879&dt=1708631092880&at=1708631093330&an=1

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.99 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-origin-hublet: na1
date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5da2acbd-7837-4636-a819-aa9a61816e96
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5da2acbd-7837-4636-a819-aa9a61816e96
last-modified: Thu, 22 Feb 2024 19:44:53 GMT
server: cloudflare
x-trace: 2BA8BA80BC8824EA9D1A7179929F71FCD9149FF101000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B7l6lVG5wPDdK28IkVy20VnxgQbwQDmRgNa3ekrJBN1Oeq9J0mFQSSqe8VvlzhjBaOJMstdzKPBbXIJt3ywYBZogTTJMUbsDWBAWYKV4DcXNoC2TpFGrXJfDIoomegV8l%2FE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-whsvb
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 8599b9ed6bfd53e3-YYZ
x-robots-tag: noindex, follow

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 326ms
243ms Image
image/gif 104.18.176.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.176.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 19:44:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 46689837-b3dd-4323-805a-95e66d3a87a9
x-envoy-upstream-service-time: 3
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 46689837-b3dd-4323-805a-95e66d3a87a9
Last-Modified: Thu, 22 Feb 2024 19:44:53 GMT
Server: cloudflare
X-Trace: 2BB9D0E1F0CCD147E2FE50FC580ADF62C3E7661581000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-z84xk
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 8599b9edec5ea24c-YYZ

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 204ms
123ms Image
image/gif 104.18.176.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.176.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 19:44:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: cf5aaac1-2441-4e7e-8768-2e68de46b6c7
x-envoy-upstream-service-time: 46
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: cf5aaac1-2441-4e7e-8768-2e68de46b6c7
Last-Modified: Thu, 22 Feb 2024 19:44:53 GMT
Server: cloudflare
X-Trace: 2BB94313143BAB7301586E8929EFB2A4755F6D56B6000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-bbxhh
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 8599b9ede92336ac-YYZ

GET
H2 200 cta-arrow.png
5417298.fs1.hubspotusercontent-na1.net/hubfs/5417298/Bluetriangle%20Blog%202022/images/ 112 B
732 B 68ms
68ms Image
image/webp 172.64.146.132
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5417298.fs1.hubspotusercontent-na1.net/hubfs/5417298/Bluetriangle%20Blog%202022/images/cta-arrow.png
Requested by: Host: bluetriangle.com
URL: https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/css/theme-overrides.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.146.132 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9df8d054a1e59a075fd383fd54758dee9013aa075310b284e4822948cc26d917

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-90760568354,FD-90760640880,P-5417298,FLS-ALL
age: 19789
x-amz-request-id: WZTZY5DNWPX43RJF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-90760568354,FD-90760640880,P-5417298,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="cta-arrow.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "06f4bcc0543f53ede30882d095ae77e8"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1667798579478
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 19:44:53 GMT
via: 1.1 1f0f1388abc5c7a2f1935aa322216120.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: KAgehLbLi5fj50dVAKEzDoYmnKwbdhAX
x-amz-cf-pop: YUL62-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=173
x-cache: RefreshHit from cloudfront
cache-tag: F-90760568354,FD-90760640880,P-5417298,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 112
x-amz-id-2: mstjXHnXLPiQ8Q0Zrs8twl5PNFFyjIpwNT72BMyzkvTjWA10iMMjQboZJlKzvSexPCK+F++qJsXR7BVsaxraihT4m5kjTuRx
last-modified: Mon, 07 Nov 2022 05:23:00 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 8599b9ed888e36b4-YYZ
x-amz-cf-id: S4WBXCPh2BbApNbM0KiqlGBi9GiQnL8rSJJqi4NulfLokwW3M4E_iA==

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1015 B 136ms
63ms Image
image/gif 104.18.192.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.192.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 19:44:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 0cc2f956-1902-4b59-b0cc-00ad9bb22b9a
x-envoy-upstream-service-time: 1
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0cc2f956-1902-4b59-b0cc-00ad9bb22b9a
Server: cloudflare
X-Trace: 2B00CE35DB1434AAE57371DA24A733A33CAD595695000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-r4fkb
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 8599b9ee1af83a0b-YYZ

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 404 B
1 KB 115ms
115ms Fetch
application/json 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=5417298&currentUrl=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&contentId=8880541776

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

629de5c42a56b67812a858341eb4162b85218eed884271ca47b0388498dc8916

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 585c1ca9-ef2e-4ff7-ac2b-efe5e37091a4
content-encoding: br
x-envoy-upstream-service-time: 21
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 585c1ca9-ef2e-4ff7-ac2b-efe5e37091a4
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://bluetriangle.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JCu7CZMmCh2xvkmIVnLN12jr9pv5PKpmvAQ1BoDtzIs0axIi2DuirIOKUT6rCjAa0E8V24gP%2FGjtnQN92pD5gpDnU6ocqnobEON7SMOHEJyv9BjKvF3GoKkMQ4R89RJp8XyycIFWkmmqhjAzh8k%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8599b9edfe9936c3-YYZ
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-whsh6

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=419778&time=1708631093474&li_adsId=b5d78f66-4bd3-43d9-a005-1c9860a651a2&url=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=419778&time=1708631093474&li_adsId=b5d78f66-4bd3-43d9-a005-1c9860a651a2&url=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D419778%26time%3D1708631093474%26li_adsId%3Db5d78f66-4bd3-43d9-a005-1c9860a651a2%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=419778&time=1708631093474&li_adsId=b5d78f66-4bd3-43d9-a005-1c9860a651a2&url=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect...

0
161 B

75ms
74ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=419778&time=1708631093474&li_adsId=b5d78f66-4bd3-43d9-a005-1c9860a651a2&url=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&cookiesTest=true&liSync=true
Requested by: Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: C3413C3D6D854829824D80663A539E7E Ref B: CHGEDGE1320 Ref C: 2024-02-22T19:44:53Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYR/a1ol+/sw072em+TeQ==

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
date: Thu, 22 Feb 2024 19:44:53 GMT
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAYR/a1nVi3Lrcn5SogoGg==
pragma: no-cache
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: EE1F6CA947FE480E93445330FFD106DF Ref B: CHGEDGE1320 Ref C: 2024-02-22T19:44:53Z
x-frame-options: sameorigin
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=419778&time=1708631093474&li_adsId=b5d78f66-4bd3-43d9-a005-1c9860a651a2&url=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&cookiesTest=true&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 booking-25a44104.css
assets.calendly.com/assets/booking/css/ Frame CFA9 457 KB
266 KB 169ms
168ms Stylesheet
text/css 104.18.41.175
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.calendly.com/assets/booking/css/booking-25a44104.css

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.41.175 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

835aa00144b06d0d2ba89cf8f0a30b2363b82dc296c39b96ebf3d365315c70f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://calendly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 182091
cf-polished: origSize=485683
last-modified: Tue, 20 Feb 2024 17:04:55 GMT
cf-bgj: minify
server: cloudflare
etag: W/"251e1a0a7c6c611c1296a891365a7657"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 8599b9ee5cbea208-YYZ
expires: Fri, 23 Feb 2024 19:44:53 GMT

GET
H2 200 booking-runtime-911b9bbf.js Show response
assets.calendly.com/assets/booking/js/ Frame CFA9 10 KB
3 KB 117ms
116ms Script
application/javascript 104.18.41.175
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.calendly.com/assets/booking/js/booking-runtime-911b9bbf.js

Requested by

Host: calendly.com
URL: https://calendly.com/blue-triangle/schedule-your-csp-manager-demo?embed_domain=bluetriangle.com&embed_type=Inline

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.41.175 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ee4fca273933599ba270eabb6a1dceec06a1af70312a14559ef360331c0eb3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://calendly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 182094
cf-polished: origSize=19531
last-modified: Tue, 20 Feb 2024 17:04:55 GMT
cf-bgj: minify
server: cloudflare
etag: W/"3e316769fefcca9e335afa14f256db83"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8599b9ee5cc2a208-YYZ
expires: Fri, 23 Feb 2024 19:44:53 GMT

GET
H2 200 booking-60432122.js Show response
assets.calendly.com/assets/booking/js/ Frame CFA9 2 MB
451 KB 78ms
77ms Script
application/javascript 104.18.41.175
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.calendly.com/assets/booking/js/booking-60432122.js

Requested by

Host: calendly.com
URL: https://calendly.com/blue-triangle/schedule-your-csp-manager-demo?embed_domain=bluetriangle.com&embed_type=Inline

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.41.175 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0530063e482b71806f95f1f35e4f9d601e1e3511750b8bb2caecfcc37ff3bcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://calendly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 160905
cf-polished: origSize=1707081
last-modified: Tue, 20 Feb 2024 22:57:43 GMT
cf-bgj: minify
server: cloudflare
etag: W/"39115255a00a3efe0cb41a723abbaff2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8599b9ee5cc9a208-YYZ
expires: Fri, 23 Feb 2024 19:44:53 GMT

GET
H2 200 dc9688c7588b.js Show response
w.usabilla.com/ Frame AA8D 35 KB
11 KB 165ms
46ms Script
text/javascript 3.210.159.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://w.usabilla.com/dc9688c7588b.js?lv=1
Requested by: Host: calendly.com
URL: https://calendly.com/blue-triangle/schedule-your-csp-manager-demo?embed_domain=bluetriangle.com&embed_type=Inline
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.210.159.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-159-148.compute-1.amazonaws.com
Software: /
Resource Hash: 000cc4476b77ba7f603be9c0d09e2679557bcc113205b25b3d8d26c192252c25

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://calendly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 19:44:53 GMT
content-encoding: gzip
x-widget-server: 2.1
etag: "5bff49eccfb4bff9d93420062693daaf"
content-type: text/javascript
cache-control: public,max-age=0
content-length: 10667

GET
H/1.1 200
OK counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
1 KB 142ms
74ms Image
image/gif 104.17.239.249
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.17.239.249 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 19:44:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 0e0b4a8f-f795-4ad8-8ebc-d1c390f0bc06
x-envoy-upstream-service-time: 4
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0e0b4a8f-f795-4ad8-8ebc-d1c390f0bc06
Last-Modified: Thu, 22 Feb 2024 19:44:53 GMT
Server: cloudflare
X-Trace: 2B49076D510213EC1F265B09A7ED9E82755841D293000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-h9f8j
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 8599b9ef1a5639f2-YYZ

GET
H2 200 v3 Show response
js.stripe.com/ Frame CFA9 600 KB
167 KB 105ms
26ms Script
text/javascript 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3

Requested by

Host: assets.calendly.com
URL: https://assets.calendly.com/assets/booking/js/booking-60432122.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

14ae13e024eceb5c9d5510d6d6290d0188ed4a15f48f99a03067cceeb006ba73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://calendly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Thu, 22 Feb 2024 19:44:53 GMT
via: 1.1 varnish
age: 30
x-cache: HIT
content-length: 170338
x-request-id: d6b740aa-bb96-4db7-846f-3453972d86ad
x-served-by: cache-yyz4576-YYZ
last-modified: Wed, 21 Feb 2024 21:35:56 GMT
server: Fastly
etag: "fca098a5b245c578da5e4ca3be84ec9b"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 26

GET
H2 200 user Show response
calendly.com/api/booking/ Frame CFA9 2 B
127 B 113ms
111ms XHR
application/json 104.18.41.175
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://calendly.com/api/booking/user

Requested by

Host: assets.calendly.com
URL: https://assets.calendly.com/assets/booking/js/booking-60432122.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.41.175 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL

Request headers

Accept: application/json, text/plain, */*
Referer: https://calendly.com/blue-triangle/schedule-your-csp-manager-demo?embed_domain=bluetriangle.com&embed_type=Inline
X-CSRF-Token: ndKRRzVJGSgcLqGyr99ezTSGP37Kd6V2Z8eWgMwN4JitWF3WNmQW2wtv-nCdnjLLnJA6nh6KS0qGtsbAlfV2vQ
X-Requested-With: XMLHttpRequest
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-runtime: 0.004088
date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
etag: W/"44136fa355b3678a1146ad16f7e8649e"
x-frame-options: ALLOWALL
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: max-age=0, private, must-revalidate
cf-ray: 8599b9f04fbda208-YYZ
x-request-id: 975236995bad6ec9012dde4560c6c6c5

GET
H2 200 request Show response
calendly.com/api/booking/ Frame CFA9 42 B
199 B 93ms
91ms XHR
application/json 104.18.41.175
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://calendly.com/api/booking/request

Requested by

Host: assets.calendly.com
URL: https://assets.calendly.com/assets/booking/js/booking-60432122.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.41.175 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c51f1138eb7c2712e2427f6a3f448df24c07ce271bc24c6fff8284a4ec1c1fda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL

Request headers

Accept: application/json, text/plain, */*
Referer: https://calendly.com/blue-triangle/schedule-your-csp-manager-demo?embed_domain=bluetriangle.com&embed_type=Inline
X-CSRF-Token: ndKRRzVJGSgcLqGyr99ezTSGP37Kd6V2Z8eWgMwN4JitWF3WNmQW2wtv-nCdnjLLnJA6nh6KS0qGtsbAlfV2vQ
X-Requested-With: XMLHttpRequest
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-runtime: 0.004324
date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
etag: W/"c51f1138eb7c2712e2427f6a3f448df2"
x-frame-options: ALLOWALL
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: max-age=0, private, must-revalidate
cf-ray: 8599b9f04fc2a208-YYZ
x-request-id: b0cc26d017e7bca700bb4f22da763de5

GET
H2 200 settings Show response
calendly.com/api/booking/ Frame CFA9 2 KB
1 KB 165ms
164ms XHR
application/json 104.18.41.175
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://calendly.com/api/booking/settings

Requested by

Host: assets.calendly.com
URL: https://assets.calendly.com/assets/booking/js/booking-60432122.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.41.175 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

01a66f314327c44281f84d65a39b9473117ef5e91035f9c1b9554b63431242c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL

Request headers

Accept: application/json, text/plain, */*
Referer: https://calendly.com/blue-triangle/schedule-your-csp-manager-demo?embed_domain=bluetriangle.com&embed_type=Inline
X-CSRF-Token: ndKRRzVJGSgcLqGyr99ezTSGP37Kd6V2Z8eWgMwN4JitWF3WNmQW2wtv-nCdnjLLnJA6nh6KS0qGtsbAlfV2vQ
X-Requested-With: XMLHttpRequest
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-runtime: 0.004038
date: Thu, 22 Feb 2024 19:44:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
etag: W/"01a66f314327c44281f84d65a39b9473"
x-frame-options: ALLOWALL
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: max-age=0, private, must-revalidate
cf-ray: 8599b9f04fc5a208-YYZ
x-request-id: b2c9cc04193480864a26c4fb9d973c0d

GET
H2 200 en-54a9ccad.chunk.js Show response
assets.calendly.com/assets/booking/js/locales/ Frame CFA9 30 KB
10 KB 98ms
96ms Script
application/javascript 104.18.41.175
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.calendly.com/assets/booking/js/locales/en-54a9ccad.chunk.js

Requested by

Host: assets.calendly.com
URL: https://assets.calendly.com/assets/booking/js/booking-runtime-911b9bbf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.41.175 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3468fcfc63c785677808241a3ec81fd5d3e94c3fda3df21253f933450c3ab5e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://calendly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 16 Feb 2024 13:24:17 GMT
cf-bgj: minify
server: cloudflare
age: 540925
etag: W/"4327dbda4c2ba19c06965db78a142af8"
vary: Accept-Encoding
content-type: application/javascript
content-encoding: br
cache-control: public, max-age=31536000
cf-ray: 8599b9f15984a208-YYZ
expires: Fri, 23 Feb 2024 19:44:54 GMT

GET
H2 200 config.json Show response
notifier-configs.airbrake.io/2020-06-18/config/90109/ Frame CFA9 220 B
490 B 51ms
51ms Fetch
application/json 52.20.221.94
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://notifier-configs.airbrake.io/2020-06-18/config/90109/config.json?&notifier_name=airbrake-js%2Fbrowser&notifier_version=2.1.8&os=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F122.0.6261.57%20Safari%2F537.36&language=JavaScript
Requested by: Host: assets.calendly.com
URL: https://assets.calendly.com/assets/booking/js/booking-60432122.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.221.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-20-221-94.compute-1.amazonaws.com
Software: /
Resource Hash: b7684ef5ef7ee0d536403226f29a0d97d394ea2bec8877983a3f2da6d4665432

Request headers

Accept: application/json
Cache-Control: no-cache,no-store
Referer: https://calendly.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 22 Feb 2024 19:44:54 GMT
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
content-length: 220
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json; charset=UTF-8

OPTIONS
H2 204 config.json
notifier-configs.airbrake.io/2020-06-18/config/90109/ Frame 0
0 162ms
50ms Preflight 52.20.221.94
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://notifier-configs.airbrake.io/2020-06-18/config/90109/config.json?&notifier_name=airbrake-js%2Fbrowser&notifier_version=2.1.8&os=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F122.0.6261.57%20Safari%2F537.36&language=JavaScript
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.221.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-20-221-94.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: cache-control
Access-Control-Request-Method: GET
Origin: https://calendly.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
allow: OPTIONS, GET
date: Thu, 22 Feb 2024 19:44:54 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
195 B 75ms
74ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: bluetriangledemo500z.btttag.com
URL: https://bluetriangledemo500z.btttag.com/btt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 22 Feb 2024 19:44:54 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: ACDFE53E76544D2BB96BBB6126FE4539 Ref B: CHGEDGE1320 Ref C: 2024-02-22T19:44:54Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://bluetriangle.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYR/a1p63Pt/GhR06a55w==

GET
DATA 200
OK truncated
/ Frame CFA9 37 KB
37 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d41624e9721619a0dbe00d0fd9c0175a8f97c484aab61117db7246f69b7de9ba

Request headers

Referer
Origin: https://calendly.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Type: font/woff

GET
DATA 200
OK truncated
/ Frame CFA9 45 KB
45 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8ea98b82eb62795846fed9452c40531d668dd519e29633c196905d6f5af8d846

Request headers

Referer
Origin: https://calendly.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Type: font/woff

GET
H2 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html Show response
js.stripe.com/v3/ Frame 6C04 200 B
840 B 26ms
26ms Document
text/html 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://calendly.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 8652259
cache-control: max-age=31536000
content-encoding: br
content-length: 154
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Thu, 22 Feb 2024 19:44:54 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Fri, 11 Nov 2022 20:25:37 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 547491
x-content-type-options: nosniff
x-request-id: 1749046a-a78d-408b-93f6-820c34440e56
x-served-by: cache-yyz4576-YYZ

GET
H2 200 m-outer-15a2b40a058ddff1cffdb63779fe3de1.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame 6C04 526 B
451 B 26ms
26ms Script
text/javascript 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Thu, 22 Feb 2024 19:44:54 GMT
via: 1.1 varnish
age: 6756960
x-cache: HIT
content-length: 315
x-request-id: 14d12fad-97fd-4ccf-a392-53696d8e6982
x-served-by: cache-yyz4576-YYZ
last-modified: Fri, 11 Nov 2022 20:25:36 GMT
server: Fastly
etag: "d96c709017743c0759cf3853d1806ba5"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 507870

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 6E4A 930 B
1 KB 29ms
26ms Document
text/html 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 85
cache-control: max-age=300, public
content-encoding: br
content-length: 540
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Thu, 22 Feb 2024 19:44:54 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding, Origin
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 91
x-content-type-options: nosniff
x-request-id: 9dd63409-6325-4200-8a69-0e61c475bab3
x-served-by: cache-yyz4576-YYZ
x-timer: S1708631094.181982,VS0,VE0

GET
H2 200 out-4.5.43.js Show response
m.stripe.network/ Frame 6E4A 87 KB
15 KB 26ms
26ms Script
text/javascript 151.101.64.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.43.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.64.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Thu, 22 Feb 2024 19:44:54 GMT
x-content-type-options: nosniff
content-encoding: br
via: 1.1 varnish
age: 97
x-cache: HIT
content-length: 15509
x-request-id: 3951bf87-2a62-4408-9692-d78def535331
x-served-by: cache-yyz4576-YYZ
server: Fastly
x-timer: S1708631094.217505,VS0,VE0
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
accept-ranges: bytes
x-cache-hits: 105

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=BD38AA632A5E4D6C9B43979A2F1CDADB&RedC=c.clarity.ms&MXFR=0A69277C964D678F091E3351924D6933
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=BD38AA632A5E4D6C9B43979A2F1CDADB&MUID=06FC45E807C36C7634FA51C506E96DF6

42 B
443 B

44ms
44ms

Image
image/gif

20.110.205.119
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=BD38AA632A5E4D6C9B43979A2F1CDADB&MUID=06FC45E807C36C7634FA51C506E96DF6
Protocol: H2
Server: 20.110.205.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 19:44:54 GMT
last-modified: Fri, 09 Feb 2024 19:57:16 GMT
server: Microsoft-IIS/10.0
etag: "34cccc2e925bda1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 22 Feb 2024 19:44:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 987A9400C1C94E6B866A5765F0392F8E Ref B: YTO01EDGE0813 Ref C: 2024-02-22T19:44:54Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=BD38AA632A5E4D6C9B43979A2F1CDADB&MUID=06FC45E807C36C7634FA51C506E96DF6
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
607 B 128ms
117ms Image
image/gif 104.19.154.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3171051501&v=1.1&a=5417298&pi=8880541776&ct=blog-post&ccu=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&cpi=8880541776&cgi=7354672154&lpi=8880541776&lvi=8880541776&lvc=en&pu=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&t=The+Anatomy+of+a+Magecart+Attack+and+How+to+Protect+Your+Site+in+2020&cts=1708631094279&vi=a9f8ee48480d1a18d8ade1a87e584aae&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.154.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3d599f8c-02f6-4c99-bbd8-85f603941fc9
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 8
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3d599f8c-02f6-4c99-bbd8-85f603941fc9
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f5WlURHTZ5W8NJb6OJfdkkD3rKCLsuGU1OADslOSclW6%2FRlth82c3JECBEemp5BNCXUBGPCJp7Og1O8Oz28Lmr8YY8qqoAcaz05NbQbQstsswZ072NWYgHy3mq438YhcGHdR"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-68f68ffdf9-9lgsc
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8599b9f3697e7114-YYZ
x-robots-tag: none

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
668 B 112ms
81ms Image
image/gif 104.18.176.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.176.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 50f84b6b-26a8-4c6a-be38-61227cf9942b
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 50f84b6b-26a8-4c6a-be38-61227cf9942b
last-modified: Thu, 22 Feb 2024 19:44:54 GMT
server: cloudflare
x-trace: 2BD1B231309B83B7CBB287B6C354D7585AFE978711000000000000000000
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-zw6mg
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 8599b9f389c65491-YYZ

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
550 B 140ms
133ms Image
image/gif 104.19.154.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%2266b04195-5274-4fb4-b37e-b7858df94db1%22%2C%22c5aae3c1-e4e4-445e-bd6f-4709e1b6eb14%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3171051501&v=1.1&a=5417298&pi=8880541776&ct=blog-post&ccu=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&cpi=8880541776&cgi=7354672154&lpi=8880541776&lvi=8880541776&lvc=en&pu=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&t=The+Anatomy+of+a+Magecart+Attack+and+How+to+Protect+Your+Site+in+2020&cts=1708631094280&vi=a9f8ee48480d1a18d8ade1a87e584aae&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.154.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b569736b-15e0-4ac0-a546-3b5e922300a6
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 19
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b569736b-15e0-4ac0-a546-3b5e922300a6
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i7iWAw7Qw%2F1aay8MFicd7g9BO8XaVv6CSrgzV39jh6ReAjx%2F3OwtnKTtYPO38hSxwFijem58LqvQKY89Rol6GgHOzz%2FvAxV8Pif%2Fp%2BTu0nT0pG2XXSbwW4%2Bf514gd9kpr11l"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-68f68ffdf9-mprkl
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8599b9f3697b7114-YYZ
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
479 B 126ms
119ms Image
image/gif 104.19.154.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=84471c34-147f-46a4-a010-1f802480972e&fci=156f99e9-3aa1-4f1a-b3a2-54a809c4a6f7&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3171051501&v=1.1&a=5417298&pi=8880541776&ct=blog-post&ccu=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&cpi=8880541776&cgi=7354672154&lpi=8880541776&lvi=8880541776&lvc=en&pu=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&t=The+Anatomy+of+a+Magecart+Attack+and+How+to+Protect+Your+Site+in+2020&cts=1708631094281&vi=a9f8ee48480d1a18d8ade1a87e584aae&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.154.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 965858db-a990-4387-aae6-1ba235a4c402
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 19
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 965858db-a990-4387-aae6-1ba235a4c402
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fXl3Na3vhzeU2R%2FLFoXJ8E6tlmFoISWzde4J3J4PwO4EaZzBfx3EC3HKlslOlJ8SclJRNy82O%2BtBLAvQ3jz%2FV9%2FwbjScNs7ZPk2CnHJ2zTBGxzoydipZagRE1zR7Zv1bA0pN"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-68f68ffdf9-qfmq5
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8599b9f369787114-YYZ
x-robots-tag: none

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 40ms
40ms Script
text/javascript 142.251.35.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T6RRHK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.35.174 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 22 Feb 2024 17:51:42 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 6792
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 22 Feb 2024 19:51:42 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 203 KB
74 KB 59ms
58ms Script
application/javascript 142.250.80.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-799952972&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5GRDCZF1Q1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.8 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s33-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

44c48bacd4f4bbd16d7659be229de8b23af0665f1139fcda1bacec871fda3da5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:54 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75223
x-xss-protection: 0
last-modified: Thu, 22 Feb 2024 19:21:12 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 22 Feb 2024 19:44:54 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 45 KB
16 KB 171ms
171ms Script
application/javascript 23.40.179.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.40.179.200 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-40-179-200.deploy.static.akamaitechnologies.com

Software

Resource Hash

e9841d9258210b13f0870a80d02ce8f3224c8798d1c0d618f210a573ce96038e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 20 Feb 2024 09:12:49 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=31789
accept-ranges: bytes
content-length: 16480

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 214 KB
58 KB 122ms
41ms Script
application/x-javascript 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: bluetriangle.com
URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

0e04153b5f73bfa7866948f2a9870593d69bfde14e77a1a06af5f567096e5a09

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), fullscreen=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 22 Feb 2024 19:44:54 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57257
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma: public
x-fb-debug: RpKHWjNxO1x3im1LMerOx85ddP0jwTJwfTmfFK+iKfmNnfNApV+uwy6VY70Krrh4wzT8uB5Dy1E31OKdq1Yipg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 5417298.js Show response
js.hs-scripts.com/ 2 KB
1 KB 159ms
79ms Script
application/javascript 104.16.191.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/5417298.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T6RRHK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.191.89 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d923bd7573473efd2db9369c9966da861d566512a31ed4e118bd55192f5f5764

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 19:44:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3789d183-365f-495a-a255-976c686463df
x-envoy-upstream-service-time: 8
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3789d183-365f-495a-a255-976c686463df
last-modified: Thu, 22 Feb 2024 17:58:22 GMT
server: cloudflare
x-trace: 2BD2A47E7816288FB50437DF7D7AD82E8C1C8ED936000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://bluetriangle.com
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-f7f4ffb8f-9ch42
access-control-allow-credentials: true
cache-control: public, max-age=90
cf-ray: 8599b9f3ee0836c5-YYZ
expires: Thu, 22 Feb 2024 19:46:24 GMT

POST
H2 200 6 Show response
m.stripe.com/ Frame 6E4A 156 B
670 B 415ms
101ms XHR
application/json 44.238.48.240
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.238.48.240 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-238-48-240.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

c8d1f90709559f4080d0e72c52649401760d10f526efff9083a7838a3a4511c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Thu, 22 Feb 2024 19:44:54 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1708631094662890
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 4
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1708631094662335
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

GET
H2 200 collect
www.google-analytics.com/ 35 B
155 B 40ms
39ms Image
image/gif 142.251.35.174
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=185204133&t=pageview&_s=1&dl=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&ul=en-us&de=UTF-8&dt=The%20Anatomy%20of%20a%20Magecart%20Attack%20and%20How%20to%20Protect%20Your%20Site%20in%202020&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAgAAAABAAAAAAAAAk~&cid=865640538.1708631093&tid=UA-63189851-1&_gid=1116041436.1708631094&gtm=45He42h0n71T6RRHKv71697097za200&gcs=G100&gcd=13p3p3p3p5&dma_cps=-&dma=0&npa=1&z=605786890

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.35.174 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s78-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 00:13:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 70275
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content collect Show response
t.clarity.ms/ 0
296 B 274ms
63ms XHR
text/plain 20.114.189.70
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://t.clarity.ms/collect
Requested by: Host: bluetriangledemo500z.btttag.com
URL: https://bluetriangledemo500z.btttag.com/btt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.114.189.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://bluetriangle.com
Date: Thu, 22 Feb 2024 19:44:54 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

GET
H2 200 1233830516773023 Show response
connect.facebook.net/signals/config/ 61 KB
13 KB 42ms
41ms Script
application/x-javascript 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1233830516773023?v=2.9.147&r=stable&domain=bluetriangle.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

d66c70ce032fdc3993e00e9be8c3b92287d720636b8f63ff72a20e2ca48b02b6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), fullscreen=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 22 Feb 2024 19:44:54 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 12781
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma: public
x-fb-debug: LFrJu/90SjyWL0F1Uiyj8iVSNZinQQEYHS1+NhR2Dnd0zk9UkhxYOfP2RbrQYJGPDjwbuYpg3lISenoRppbFkg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 121ms
40ms Image
text/plain 31.13.71.36
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1233830516773023&ev=PageView&dl=https%3A%2F%2Fbluetriangle.com%2Fblog%2Fmagecart-attack-how-to-protect-your-site&rl=&if=false&ts=1708631094622&sw=1600&sh=1200&v=2.9.147&r=stable&a=tmgoogletagmanager&ec=0&o=4126&fbp=fb.1.1708631094619.1090313935&cs_est=true&ler=empty&cdl=API_unavailable&it=1708631094485&coo=false&exp=e1&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lga3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 22 Feb 2024 19:44:54 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 wcdv02.rcv Show response
d.tags11.com/ 0
1 KB 294ms
170ms XHR
text/html 172.66.43.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://d.tags11.com/wcdv02.rcv?siteID=bluetriangledemo500z&nStart=1708631091964&pageName=Blog&txnName=eCommerce-bluetriangle.com&trig=2310&sessionID=247929102631956678&WCDtt=c&pgTm=2310&NVSTR=0&pageType=Blue%20Triangle%20Site

Requested by

Host: bluetriangledemo500z.btttag.com
URL: https://bluetriangledemo500z.btttag.com/btt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.43.3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 22 Feb 2024 19:44:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 180000
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Mon, 22 Jan 2024 06:00:00 GMT
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: xhr,GET, POST, OPTIONS
content-type: text/html;charset=UTF-8
access-control-allow-origin: https://bluetriangle.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NKsnEmh0KhuLynF0t30xu3wzZR38Som7RcH1smw0sXxyrhzJhZQ3zSfWnRuVxbLNjCGBboH002%2FEoyTvP0KBqrZFb7FIvaqOievVoVwQQFpokj8zN29JIOSKwNgnkw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
x-frame-options: SAMEORIGIN
timing-allow-origin: *
access-control-allow-headers: xhr,content-type,Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
cf-ray: 8599b9f7eb2b543d-YYZ

POST
H/1.1 200
OK send
data.hockeystack.com/ 16 B
552 B 120ms
120ms Ping
application/json 18.196.170.251
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://data.hockeystack.com/send

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/hockeystack@latest/hockeystack.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.196.170.251 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-170-251.eu-central-1.compute.amazonaws.com

Software

nginx/1.24.0 /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 22 Feb 2024 19:44:58 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
Server: nginx/1.24.0
ETag: W/"10-oV4hJxRVSENxc/wX8+mA4/Pe4tA"
X-Download-Options: noopen
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://bluetriangle.com
Vary: Origin
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 16
X-XSS-Protection: 1; mode=block

OPTIONS
H/1.1 204
No Content send
data.hockeystack.com/ Frame 0
0 120ms
119ms Preflight 18.196.170.251
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://data.hockeystack.com/send

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.196.170.251 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-170-251.eu-central-1.compute.amazonaws.com

Software

nginx/1.24.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://bluetriangle.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://bluetriangle.com
Access-Control-Max-Age: 3600
Connection: keep-alive
Content-Length: 0
Date: Thu, 22 Feb 2024 19:44:57 GMT
Server: nginx/1.24.0
Strict-Transport-Security: max-age=15552000; includeSubDomains
Vary: Origin, Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

106 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bluetriangle.com/	1970-01-20 18:37:12	Name: __cf_bm Value: JCQqDobQlfV7sMH8wJQHhdR3AZoFnfVwwtTRuYN23Hg-1708631092-1.0-AeqBZgC+C24KlOXrdwW1PamLk664dt/jsIwKwrQ7MeWMNRgfHEqNm7IqoS9BtmuOTl0OT0QAr+vMwFCV4f9G1XA=
.bluetriangle.com/	1969-12-31 23:59:59	Name: __cfruid Value: c5a615521f312224f2f9fab40363e75a1974b5ad-1708631092
www.clarity.ms/	1970-01-21 03:22:47	Name: CLID Value: e2becbb9a5334dd787e1adeb8e9c9b2a.20240222.20250221
.calendly.com/	1970-01-20 18:37:12	Name: __cf_bm Value: ANagEtt2c1dE6pOfrwPIRn.a6yma9iAk_xiTQmiy1zY-1708631092-1.0-AQOb6/vMFMyjRipy4P0xgCwIt2sSgqJ0+225ehnjzocJ+PM+vHtiZhdl+0pv2/9dTOcet7FmiU/P2CanWeTJ1eo=
.hubspot.com/	1970-01-20 18:37:12	Name: __cf_bm Value: dPemqYGttPqR2fKToSqL9SvLRrqEtAx8by9g57di7Ew-1708631092-1.0-AXJ22y+1GaxuPcZxdl3ifgMJHoCI6WiePaMo7uTtUbAs15n4qTfQpZXC9guhpz3ReqL+0IRaqSoXSnDo0QD/fRg=
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: oUr0U.nZQYZ6DySbNlWT6trAakScPL7lIabYYjsyZiE-1708631092964-0.0-604800000
.bluetriangle.com/	1970-01-21 03:22:47	Name: _clck Value: j9hliu%7C2%7Cfjh%7C0%7C1513
.calendly.com/	1969-12-31 23:59:59	Name: __cfruid Value: b385515bb1c61fbdcc0dbbcc433a2f88089ed912-1708631093
.linkedin.com/	1970-01-20 20:46:47	Name: li_sugr Value: 602144e8-48be-4c5b-8971-64839e294291
.linkedin.com/	1970-01-21 03:22:47	Name: bcookie Value: "v=2&6c66f399-a69e-4dce-8569-3b2d4eeaf501"
.linkedin.com/	1970-01-20 18:38:37	Name: lidc Value: "b=VGST00:s=V:r=V:a=V:p=V:g=3245:u=1:x=1:i=1708631093:t=1708717493:v=2:sig=AQEwlHie9Mn38Rgvaw1i9Zs1gxUitvWW"
.linkedin.com/	1970-01-20 19:20:23	Name: UserMatchHistory Value: AQL5QSqVwEch5gAAAY3SWXJDL08nyt6Y9V8YPjxtgxlp_CVb_ECyZk7dVCt2ARBYerY0jSNxbryFbA
.linkedin.com/	1970-01-20 19:20:23	Name: AnalyticsSyncHistory Value: AQLrc8WIX8nWLgAAAY3SWXJDJfo32ZE11ADnvSln4BaKlRD__HmzMO9YI5tJpMv01uT0M4IYggRvKjbKbvQUCA
.www.linkedin.com/	1970-01-21 03:22:47	Name: bscookie Value: "v=1&2024022219445346268993-f3a0-4c10-8fe9-6f5b27449253AQHbuZNkT3KferF9m_I8DaEVvBVntgMQ"
.bluetriangle.com/	1970-01-20 20:46:47	Name: _fbp Value: fb.1.1708631094619.1090313935
.bluetriangle.com/	1970-01-20 18:38:37	Name: _clsk Value: 1yfwdxj%7C1708631094679%7C1%7C1%7Ct.clarity.ms%2Fcollect
.bing.com/	1970-01-21 03:58:47	Name: MUID Value: 06FC45E807C36C7634FA51C506E96DF6
.c.bing.com/	1970-01-20 18:47:15	Name: MR Value: 0
.c.bing.com/	1970-01-21 03:58:47	Name: SRM_B Value: 06FC45E807C36C7634FA51C506E96DF6
m.stripe.com/	1970-01-21 04:13:11	Name: m Value: 246ed59a-31f0-4470-9be5-16b25ddec30d8119da
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 03:58:47	Name: MUID Value: 06FC45E807C36C7634FA51C506E96DF6
.c.clarity.ms/	1970-01-20 18:47:15	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 18:37:11	Name: ANONCHK Value: 0

73 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site(Line 1911) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site(Line 1911) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site(Line 1911) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://bluetriangle.com/hs-fs/hub/5417298/hub_generated/template_assets/90501112134/1695204311840/Bluetriangle-Theme-Resource-Blog-2022/images/plus.png Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/1233830516773023?v=2.9.147&r=stable&domain=bluetriangle.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100(Line 105) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://bluetriangle.com/blog/magecart-attack-how-to-protect-your-site Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5417298.fs1.hubspotusercontent-na1.net
app.hubspot.com
assets.calendly.com
bluetriangle.com
bluetriangledemo500z.btttag.com
c.bing.com
c.clarity.ms
calendly.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
connect.facebook.net
cta-service-cms2.hubspot.com
d.tags11.com
data.hockeystack.com
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hsforms.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hsleadflows.net
js.hubspot.com
js.stripe.com
m.stripe.com
m.stripe.network
newbt.wpengine.com
no-cache.hubspot.com
notifier-configs.airbrake.io
pagead2.googlesyndication.com
perf-na1.hsforms.com
perf.hsforms.com
pro.fontawesome.com
px.ads.linkedin.com
s7.addthis.com
snap.licdn.com
static.hsappstatic.net
t.clarity.ms
track.hubspot.com
w.usabilla.com
www.clarity.ms
www.clickcease.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.linkedin.com
104.16.191.89
104.16.77.186
104.17.231.163
104.17.239.249
104.17.25.14
104.18.124.12
104.18.176.125
104.18.176.93
104.18.192.125
104.18.40.68
104.18.41.175
104.19.154.83
104.19.155.83
104.22.59.128
13.107.21.200
13.107.246.40
13.107.42.14
142.250.80.8
142.250.81.227
142.251.35.170
142.251.35.174
142.251.40.98
151.101.193.229
151.101.64.176
172.64.146.132
172.64.153.27
172.66.43.3
18.196.170.251
199.60.103.99
20.110.205.119
20.114.189.70
23.40.179.200
23.73.233.5
3.210.159.148
31.13.71.36
31.13.71.7
34.75.101.160
44.238.48.240
52.20.221.94
54.230.163.90
000cc4476b77ba7f603be9c0d09e2679557bcc113205b25b3d8d26c192252c25
00dc1ed21f06e04e081cdf188c55b5d71436d19936db3929e9e98573d7f7ab3b
00e23270683c62ec0ffccb7fd77235f8b05d457990ad9ea7f8392c567b1189a3
01a66f314327c44281f84d65a39b9473117ef5e91035f9c1b9554b63431242c6
04b01f0402a6765741efab24dd00d1c8a4da6da9074f1f8f6330a686e9abd04a
0816f43565bc51e89821caaa9b361610bffc6f5f33bad96ea6fd003ecd186923
09086c130a1b3f32bc414e76a9243bb0ff0850e0047c3b24918b4a080a6feb69
09efeaffa3560b98c2ffd65e4add418fa1406463902a1b0fdd643abd0816f912
0e04153b5f73bfa7866948f2a9870593d69bfde14e77a1a06af5f567096e5a09
0ee4fca273933599ba270eabb6a1dceec06a1af70312a14559ef360331c0eb3d
0fe58665717d181d7c179eaa75857f3fe083b452183eaeed97d9b1f18b5c13f8
14ae13e024eceb5c9d5510d6d6290d0188ed4a15f48f99a03067cceeb006ba73
17ea10196a490a8d3b8da162c7d4af9c301c5229f70af90dad6fa33eb951d83f
19b36d72c8b834372d3b7e0c39cf33e9a24931dc66be8161af08e86fdd10ffa8
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
2fc22c99a8447321e0e800f54a583cae3dbed366e4dca934944be59a5953938f
31233067b3bddf82f31483142c218a8284b085e2c0a2406f7822d7d2b08b01e4
3377f892c039fa7a6edf1d077fbb770b4a54490f8ed5a32fc735f357e5beaf57
3468fcfc63c785677808241a3ec81fd5d3e94c3fda3df21253f933450c3ab5e1
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
3eb9b294b344cf47c2af14fafe8528fccc545cb25b9325802a3bd1b0696171b6
3f1eeddbb5ae8cfbb17c224a09029987a65fd2c85961e5512b0045f690864be6
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44c48bacd4f4bbd16d7659be229de8b23af0665f1139fcda1bacec871fda3da5
4c59c0c431c5c32e278675305b6cbe01020242af504abda78b09c104f433506a
521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc
559d3222f76f6992d0dc335f3ebee4647962c126c7916b196c5e719411fcdf95
574433925af60da2dd02d84eaeb28918a9b3765fcfc285917e24b64b9cdf9105
5c08b26454b2056df62e06dfe14697bfa8b14413d2c71bb2b11233cbaa582c25
6098ccb73530dfabe3af94c2f3de535fd585c80cc0715b5dc28bc60afdd8e067
60de9041e9d0b7fcb62607e1130b09faaf065dd590b627f4d67fce11b54e9e38
622faf9dabe778ee842664538837750c426f1f73253c51e0bceaa845957d3e85
629de5c42a56b67812a858341eb4162b85218eed884271ca47b0388498dc8916
6ab9900a87522e2048902d4e744b6bf373c2a4f6463859c8966fe95099226b6a
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c2b226df1b47bf72f0883335413060def803191a5f37b3da3fbc6d6b571f1e0
6ca0333156834755ab62ae53e9b751af4dac581997ff0cb0e26cbccb003bd2b9
776746fcb8c8067d9a60fdd74f723cfe17c0cea2c44b5366394422017da20a05
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
835aa00144b06d0d2ba89cf8f0a30b2363b82dc296c39b96ebf3d365315c70f8
889794fd02992011c4b843a05190531656d4c6148e6d4375be6bab3432b580d0
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8ddc95d932799d0cb415df96a68f7c435d1dd90e522e3d6c130386c3de2e45ed
8ea98b82eb62795846fed9452c40531d668dd519e29633c196905d6f5af8d846
928d261a96884bd8a49872f8f1d543a78cc8b8ef8ef17cdef08042f8c50cbdcf
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
998e353812042cec7abab227c888a8bc7183b0765cf58edec6b386f00f1ed1b0
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b06e4f9701667cbfb2c27b4955dfb26ad87cf2d410df01289c744f17a1a0257
9df8d054a1e59a075fd383fd54758dee9013aa075310b284e4822948cc26d917
a0eb564e8b104002217b23d191c384d64d77b30fa37b0f124db645e16096cfd3
a49c840d89180c7ccb5e16edc4121cba01c6dd17d23bda32a446ddc7c0d87e60
a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d
aea9247caa72834f36dc478737e62fe270bd543ade4c8a7b4f7349d4573dce30
af16b484b637cbb02d10f4339aafe1f8e4d781ba01994e2ef2fbb0ba143baa44
b6ce8b9b3325199e5326b6709cfc50f8c0d1e1323aced65a85d9286925783a73
b7684ef5ef7ee0d536403226f29a0d97d394ea2bec8877983a3f2da6d4665432
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
bf9491fe9491befe7774f230174372517715f42ddd86e66acbc5d3f862c684b2
c0530063e482b71806f95f1f35e4f9d601e1e3511750b8bb2caecfcc37ff3bcd
c0c4afeb9a81ca3b60c5dc142dd649ee4a16f73cff1980af717f57e76474a515
c51f1138eb7c2712e2427f6a3f448df24c07ce271bc24c6fff8284a4ec1c1fda
c8d1f90709559f4080d0e72c52649401760d10f526efff9083a7838a3a4511c9
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c9582eafa6d483fe77dc2c55a2ed3d57902ce056f43bb32f6edc87a27f1bafc9
c96ffd41ebeae752a5c45a0ef1f924dd5273c09f71453d4d158e54d8610e64b8
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
d41624e9721619a0dbe00d0fd9c0175a8f97c484aab61117db7246f69b7de9ba
d66c70ce032fdc3993e00e9be8c3b92287d720636b8f63ff72a20e2ca48b02b6
d7b88f6ac1ab16f64fbef6c112cf90ec87b9ec392707cc68a0c24f4d79cab007
d923bd7573473efd2db9369c9966da861d566512a31ed4e118bd55192f5f5764
db7d4517c08bd45d9c379997b693687663a2471c927810bdcac5a8772c68e741
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc98485f923213df395cf95a4988e2afff2035014d41a0fc8f582057f414aa69
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e34fad5aec7d94468881946a5130acbb155575eae5d775f18cfa478c9b6fd1b5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b37b305ef946672b9e7dabeffa5d5e007a1ee9850403c59b55ec5f9941294b
e5be1e5872552c72fb56ed101a552da3401a173690b524d38aab4e85c5c6d18b
e70a3ecc59dfaa6ce03edce54d641a90146c5390fa859d472ecfdd804591618e
e7e4fe850a3becbabf45215b05085240a80d738f51a0e74d7e02f971c8f3ffdd
e9841d9258210b13f0870a80d02ce8f3224c8798d1c0d618f210a573ce96038e
e9f39fc22eccfef4525527f0bc75525e3fa522f5bd1bd2b18d29ebdbd1ae00cb
ee9f2f620122112ded1f6498ba96d1c797429ab7c07806f689ed5d7142c15973
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f9db1b06a7cfcabc0a842a496f6af2ab20c2e9aa6482210313b3c1588f4a066a
f9f16cd561f16deb176c3cd299133323db701824399abc5a984352dc341d0565
fb2fd6be44bd4579b0f2874634b177065d0ec8a4cc234bd93d990b497e496996
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

bluetriangle.com Open in urlscan Pro 199.60.103.99 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

119 Requests

98 %HTTPS

0 %IPv6

35 Domains

47 Subdomains

40 IPs

3 Countries

3833 kBTransfer

8203 kBSize

24 Cookies

29 Outgoing links

Redirected requests

119 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

bluetriangle.com Open in urlscan Pro
199.60.103.99 Public Scan

Screenshot
Live screenshot

Full Image

119
Requests

98 %
HTTPS

0 %
IPv6

35
Domains

47
Subdomains

40
IPs

3
Countries

3833 kB
Transfer

8203 kB
Size

24
Cookies

119 HTTP transactions
2 data transactions