www.avanan.com Open in urlscan Pro
199.60.103.2 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VVM8dl3_NKWhW1j2Vps43j9DBW1CR28959Q7yTN4vJDMl3qgyTW95jsWP6lZ3m8W5-lJqx2Y9...
Effective URL:
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%2...
Submission: On February 22 via manual (February 22nd 2024, 10:41:56 pm UTC) from AU — Scanned from AU

Summary HTTP 195 Redirects Links 30 Behaviour Indicators

Summary

This website contacted 53 IPs in 4 countries across 46 domains to perform 195 HTTP transactions. The main IP is 199.60.103.2, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.avanan.com. The Cisco Umbrella rank of the primary domain is 734592.
TLS certificate: Issued by GTS CA 1P5 on January 16th 2024. Valid for: 3 months.

This is the only time www.avanan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 57	199.60.103.2 199.60.103.2	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3	172.64.206.38 172.64.206.38	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.76.106 142.250.76.106	15169 (GOOGLE) (GOOGLE)
2	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.99.59.34 104.99.59.34	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.16.111.209 104.16.111.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	104.19.155.83 104.19.155.83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.212.51 104.18.212.51	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	104.18.34.221 104.18.34.221	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.176.93 104.18.176.93	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.71.72 142.250.71.72	15169 (GOOGLE) (GOOGLE)
1	13.224.181.26 13.224.181.26	16509 (AMAZON-02) (AMAZON-02)
7	142.251.221.67 142.251.221.67	15169 (GOOGLE) (GOOGLE)
2	142.250.66.225 142.250.66.225	15169 (GOOGLE) (GOOGLE)
8	157.240.7.26 157.240.7.26	32934 (FACEBOOK) (FACEBOOK)
5	192.229.237.25 192.229.237.25	15133 (EDGECAST) (EDGECAST)
1	18.67.111.40 18.67.111.40	16509 (AMAZON-02) (AMAZON-02)
1	172.64.153.27 172.64.153.27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.229.163 104.17.229.163	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.122.12 104.18.122.12	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.78.186 104.16.78.186	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
1	104.17.203.204 104.17.203.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.18.192.125 104.18.192.125	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	104.18.131.236 104.18.131.236	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	44.205.222.73 44.205.222.73	14618 (AMAZON-AES) (AMAZON-AES)
3 5	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	172.64.155.119 172.64.155.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	23.47.73.144 23.47.73.144	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	13.107.21.200 13.107.21.200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	142.251.221.66 142.251.221.66	15169 (GOOGLE) (GOOGLE)
1	18.67.111.90 18.67.111.90	16509 (AMAZON-02) (AMAZON-02)
1	13.35.148.17 13.35.148.17	16509 (AMAZON-02) (AMAZON-02)
1	54.156.208.110 54.156.208.110	14618 (AMAZON-AES) (AMAZON-AES)
1	34.107.254.219 34.107.254.219	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	172.64.151.60 172.64.151.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	65.8.161.52 65.8.161.52	16509 (AMAZON-02) (AMAZON-02)
1	172.64.144.225 172.64.144.225	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.67.111.57 18.67.111.57	16509 (AMAZON-02) (AMAZON-02)
1	103.43.89.4 103.43.89.4	29990 (ASN-APPNEX) (ASN-APPNEX)
1	104.26.11.16 104.26.11.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.117.110.211 34.117.110.211	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	13.248.142.121 13.248.142.121	16509 (AMAZON-02) (AMAZON-02)
3	216.239.32.181 216.239.32.181	15169 (GOOGLE) (GOOGLE)
1	142.251.175.155 142.251.175.155	15169 (GOOGLE) (GOOGLE)
3	142.250.76.99 142.250.76.99	15169 (GOOGLE) (GOOGLE)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	157.240.7.35 157.240.7.35	32934 (FACEBOOK) (FACEBOOK)
2	142.250.204.4 142.250.204.4	15169 (GOOGLE) (GOOGLE)
9	13.35.147.72 13.35.147.72	16509 (AMAZON-02) (AMAZON-02)
1	104.19.154.83 104.19.154.83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.35.149.62 13.35.149.62	16509 (AMAZON-02) (AMAZON-02)
195	53

57 199.60.103.2 (United States) 1 redirects

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.avanan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.206.38 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.76.106 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s24-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.99.59.34 (Sydney, Australia)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-99-59-34.deploy.static.akamaitechnologies.com

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.111.209 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.19.155.83 (None, )

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.212.51 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hscta.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.18.34.221 (None, )

ASN13335 (CLOUDFLARENET, US)

www.gartner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
reviews.static.gartner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.176.93 (None, )

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.71.72 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s17-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.181.26 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-181-26.syd1.r.cloudfront.net

lftracker.leadfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.251.221.67 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.66.225 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s15-in-f1.1e100.net

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lh5.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 157.240.7.26 (Singapore, Singapore)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-sin6.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.229.237.25 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.67.111.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-111-40.syd62.r.cloudfront.net

tr.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.153.27 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.229.163 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.122.12 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.78.186 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.72 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.203.204 (None, )

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.192.125 (None, )

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.18.131.236 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.205.222.73 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-205-222-73.compute-1.amazonaws.com

bf28149orj.bf.dynatrace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.107.42.14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.155.119 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 23.47.73.144 (Inkster, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-47-73-144.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.21.200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.221.66 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.67.111.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-111-90.syd62.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.148.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-148-17.syd1.r.cloudfront.net

d10lpsik1i8c69.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.156.208.110 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-208-110.compute-1.amazonaws.com

ct.capterra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.254.219 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 219.254.107.34.bc.googleusercontent.com

www.influ2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.151.60 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.8.161.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-8-161-52.sfo53.r.cloudfront.net

vidassets.terminus.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.144.225 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.67.111.57 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-111-57.syd62.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.43.89.4 (Singapore, Singapore)

ASN29990 (ASN-APPNEX, US)
PTR: 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.11.16 (None, )

ASN13335 (CLOUDFLARENET, US)

settings.luckyorange.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.110.211 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 211.110.117.34.bc.googleusercontent.com

t.influ2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.142.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.239.32.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.175.155 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: sh-in-f155.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.76.99 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s24-in-f3.1e100.net

www.google.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 157.240.7.35 (Singapore, Singapore)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-sin6.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.204.4 (Sydney, Australia)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 13.35.147.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-147-72.syd1.r.cloudfront.net

checkpointsoftwaretechnologiesincavanan.widget.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.154.83 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.149.62 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-149-62.syd1.r.cloudfront.net

js.pusher.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
57	avanan.com 1 redirects www.avanan.com — Cisco Umbrella Rank: 734592	2 MB
12	6sc.co j.6sc.co — Cisco Umbrella Rank: 5416 c.6sc.co — Cisco Umbrella Rank: 8324 ipv6.6sc.co — Cisco Umbrella Rank: 5568 b.6sc.co — Cisco Umbrella Rank: 3635	26 KB
11	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 338	155 KB
9	insent.ai checkpointsoftwaretechnologiesincavanan.widget.insent.ai	508 KB
9	gartner.com www.gartner.com — Cisco Umbrella Rank: 51288 reviews.static.gartner.com — Cisco Umbrella Rank: 134340	199 KB
8	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 12580 app.hubspot.com — Cisco Umbrella Rank: 5489 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4459 track.hubspot.com — Cisco Umbrella Rank: 2372 forms.hubspot.com — Cisco Umbrella Rank: 5253	10 KB
7	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1276 syndication.twitter.com — Cisco Umbrella Rank: 1627	160 KB
7	gstatic.com fonts.gstatic.com	82 KB
6	linkedin.com 3 redirects platform.linkedin.com — Cisco Umbrella Rank: 3508 px.ads.linkedin.com — Cisco Umbrella Rank: 362 www.linkedin.com — Cisco Umbrella Rank: 631	163 KB
5	google.com analytics.google.com — Cisco Umbrella Rank: 160 www.google.com — Cisco Umbrella Rank: 2	925 B
4	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 1075	276 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	157 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 103	33 KB
3	google.com.au www.google.com.au — Cisco Umbrella Rank: 28519	670 B
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 24187 ibc-flow.techtarget.com — Cisco Umbrella Rank: 21896	2 KB
3	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 stats.g.doubleclick.net — Cisco Umbrella Rank: 86	4 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 373	14 KB
3	hsforms.com perf.hsforms.com — Cisco Umbrella Rank: 13630	3 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	316 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	3 KB
3	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1106	135 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9506	719 B
2	influ2.com www.influ2.com — Cisco Umbrella Rank: 46212 t.influ2.com — Cisco Umbrella Rank: 44491	3 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 712 script.hotjar.com — Cisco Umbrella Rank: 944	60 KB
2	dynatrace.com bf28149orj.bf.dynatrace.com — Cisco Umbrella Rank: 85233	1 KB
2	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 45 lh5.googleusercontent.com — Cisco Umbrella Rank: 178	176 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 233	9 KB
1	pusher.com js.pusher.com — Cisco Umbrella Rank: 16217	18 KB
1	luckyorange.net settings.luckyorange.net — Cisco Umbrella Rank: 11372	750 B
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 500	700 B
1	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 8271	1 KB
1	terminus.services vidassets.terminus.services — Cisco Umbrella Rank: 40524
1	capterra.com ct.capterra.com — Cisco Umbrella Rank: 21193	353 B
1	cloudfront.net d10lpsik1i8c69.cloudfront.net d26x5ounzdjojj.cloudfront.net Failed	3 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 552	315 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 800	16 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3428	1 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2213	21 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5018	88 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3140	4 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2217	23 KB
1	lfeeder.com tr.lfeeder.com — Cisco Umbrella Rank: 23532	294 B
1	leadfeeder.com lftracker.leadfeeder.com — Cisco Umbrella Rank: 79192	11 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5583	6 KB
1	hscta.net js.hscta.net — Cisco Umbrella Rank: 22638	7 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 8330	2 KB
195	46

	Domain	Requested by
57	www.avanan.com	1 redirects www.avanan.com
11	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org www.avanan.com
9	checkpointsoftwaretechnologiesincavanan.widget.insent.ai	www.avanan.com checkpointsoftwaretechnologiesincavanan.widget.insent.ai
8	b.6sc.co	www.avanan.com
7	fonts.gstatic.com	fonts.googleapis.com
6	www.gartner.com	www.avanan.com www.gartner.com
5	platform.twitter.com	www.avanan.com platform.twitter.com
4	static.xx.fbcdn.net	www.facebook.com
4	px.ads.linkedin.com	2 redirects www.avanan.com snap.licdn.com
4	connect.facebook.net	www.avanan.com connect.facebook.net
3	track.hubspot.com
3	www.facebook.com	www.avanan.com connect.facebook.net
3	www.google.com.au	www.avanan.com
3	analytics.google.com	www.googletagmanager.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.avanan.com
3	perf.hsforms.com	www.avanan.com
3	reviews.static.gartner.com	www.gartner.com
3	www.googletagmanager.com	www.avanan.com www.googletagmanager.com
3	fonts.googleapis.com	www.avanan.com
3	use.fontawesome.com	www.avanan.com use.fontawesome.com
2	www.google.com	www.avanan.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	epsilon.6sense.com	j.6sc.co
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	bf28149orj.bf.dynatrace.com	www.gartner.com
2	syndication.twitter.com	platform.twitter.com www.avanan.com
2	cta-service-cms2.hubspot.com	js.hscta.net
2	cdnjs.cloudflare.com	www.avanan.com www.gartner.com
1	js.pusher.com	checkpointsoftwaretechnologiesincavanan.widget.insent.ai
1	forms.hubspot.com	js.hsleadflows.net
1	stats.g.doubleclick.net	www.googletagmanager.com
1	t.influ2.com	www.influ2.com
1	settings.luckyorange.net	d10lpsik1i8c69.cloudfront.net
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	script.hotjar.com	static.hotjar.com
1	tracking.g2crowd.com	www.avanan.com
1	vidassets.terminus.services	www.googletagmanager.com
1	trk.techtarget.com	www.avanan.com
1	www.influ2.com	www.googletagmanager.com
1	ct.capterra.com	www.avanan.com
1	d10lpsik1i8c69.cloudfront.net	www.avanan.com
1	static.hotjar.com	www.googletagmanager.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	www.linkedin.com	1 redirects
1	snap.licdn.com	js.hsadspixel.net
1	api.hubapi.com	js.hsadspixel.net
1	app.hubspot.com	www.avanan.com
1	js.hs-analytics.net	www.avanan.com
1	js.hsleadflows.net	www.avanan.com
1	js.hsadspixel.net	www.avanan.com
1	js.hs-banner.com	www.avanan.com
1	tr.lfeeder.com	www.avanan.com
1	lh5.googleusercontent.com	www.avanan.com
1	lh3.googleusercontent.com	www.avanan.com
1	lftracker.leadfeeder.com	www.avanan.com
1	static.hsappstatic.net	www.avanan.com
1	js.hscta.net	www.avanan.com
1	no-cache.hubspot.com	www.avanan.com
1	cdn2.hubspot.net	www.avanan.com
1	platform.linkedin.com	www.avanan.com
0	d26x5ounzdjojj.cloudfront.net Failed	www.avanan.com
195	64

This site contains links to these domains. Also see Links.

Domain
www.checkpoint.com
accounts.checkpoint.com
gtnr.io
www.gartner.com
careers.checkpoint.com
twitter.com
www.linkedin.com
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
www.avanan.com GTS CA 1P5	`2024-01-16` - `2024-04-15`	3 months	crt.sh
use.fontawesome.com Cloudflare Inc ECC CA-3	`2023-10-12` - `2024-10-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-05-17` - `2024-05-16`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
www.gartner.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-14` - `2024-12-13`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.leadfeeder.com Amazon RSA 2048 M02	`2024-01-03` - `2025-02-01`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-12-02` - `2024-03-01`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
*.lfeeder.com Amazon RSA 2048 M02	`2024-02-20` - `2025-03-20`	a year	crt.sh
syndication.twitter.com R3	`2024-02-21` - `2024-05-21`	3 months	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2023-04-07` - `2024-04-06`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.bf.dynatrace.com Amazon RSA 2048 M02	`2023-12-20` - `2025-01-16`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
6sc.co R3	`2024-01-29` - `2024-04-28`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 02	`2024-01-21` - `2024-06-27`	5 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M03	`2024-02-07` - `2025-03-08`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.capterra.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-01` - `2024-08-31`	a year	crt.sh
influ2.com GTS CA 1D4	`2024-01-29` - `2024-04-28`	3 months	crt.sh
*.terminus.services Amazon RSA 2048 M02	`2023-09-16` - `2024-10-14`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
t.influ2.com R3	`2024-01-08` - `2024-04-07`	3 months	crt.sh
*.6sense.com Amazon RSA 2048 M02	`2023-05-04` - `2024-06-02`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.google.com.au GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2024-01-13` - `2024-04-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.widget.insent.ai Amazon RSA 2048 M03	`2024-01-30` - `2025-02-27`	a year	crt.sh
js.pusher.com Amazon RSA 2048 M01	`2023-04-13` - `2024-05-11`	a year	crt.sh

This page contains 8 frames:

Primary Page: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Frame ID: 38B08163E58DE0592416D8040CA3210F
Requests: 169 HTTP requests in this frame

Frame: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
Frame ID: F9CB24615D801968675D4B6CD972BBFC
Requests: 6 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.avanan.com
Frame ID: 74C0304FF0D44A202CE9A70B8A6489AD
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: 4A9169ED94B826094C39742A5E4D9D0F
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: 3B1780E8D4D7CC12EEE6E4B4635E52DF
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df61c750ce90fa0b00%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ff7e636827a2cc86e2%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Frame ID: 5049A66D0EE8CAE87B876BA4CAF44B55
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df76745884cfe49413%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ff7e636827a2cc86e2%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Frame ID: 7D89FC4F2F0CF51B01E113990CF4F275
Requests: 3 HTTP requests in this frame

Frame: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=Pisi889JmrotC26&hubspot_cookies=[%22f078dde53db70e372b5067512cfcb7b8%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Frame ID: 4F56FAA7D8C150C1448B6A50CF7609ED
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The Microsoft Reply AttackBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VVM8dl3_NKWhW1j2Vps43j9DBW1CR28959Q7yTN4vJDMl3qgyTW95... Page URL
https://www.avanan.com/events/public/v1/encoded/track/tc/2H+113/ccGyW04/VVM8dl3_NKWhW1j2Vps43j9DBW1... HTTP 307
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomwa... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

195
Requests

98 %
HTTPS

0 %
IPv6

46
Domains

64
Subdomains

53
IPs

4
Countries

5153 kB
Transfer

12382 kB
Size

39
Cookies

30 Outgoing links

These are links going to different origins than the main page.

URL: https://www.checkpoint.com/partners/channel/
Title: Become a Reseller

Search URL Search Domain Scan URL

URL: https://accounts.checkpoint.com/#/login
Title: Go Now

Search URL Search Domain Scan URL

URL: https://gtnr.io/KTCLEMy5I
Title: Submit a review

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/5053682?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/5053454?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/5046086?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4859858?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4770260?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4871998?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4835268?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4805710?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4802398?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4791196?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4778378?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4776428?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4774748?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4770850?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4770682?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/3424847?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4770336?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4770022?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4768382?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4768390?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://careers.checkpoint.com/?q=&module=cpcareers&a=search&fa%5B%5D=department_s%3AEmail%2520Security&sort=
Title: Careers

Search URL Search Domain Scan URL

URL: https://twitter.com/AvananSecurity

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/avanan/

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.checkpoint.com/privacy/cookies/
Title: Cookie Notice

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VVM8dl3_NKWhW1j2Vps43j9DBW1CR28959Q7yTN4vJDMl3qgyTW95jsWP6lZ3m8W5-lJqx2Y9YFnW7yDPvZ5k_T56W63_vcx3gv-PsW8WxS-d9b97pCW4YcPmM7knqnzW6BBtTF4WZJ9PW3w36Kx3S1NRDW54GwwD3k3vr1W1qRGZ-6-qXCvW1Y0ds_1jSmr2W2LNmJ-7dRgtWW37JZv_5PHCxMW4N5_R96PClKYW4YWpLz7L1Q9RW90LnjT7Mr_-DW33H_vy3HXY6RW4yypZl3vHk1-W7cJdRT5qnlQvW36c-WW494j9zN6rTN_43vHBYN75fvZxd90lSMh5H2wTTBnvW8tB9Q97Tr31zW1T2myl1-y0hsW1qLDvs5LFn3VW2Wkk8M4DtJwxW4KXB0b69Xjp9W9gWD8p9c46J_VbpYWc1PLRXkN4bH7FLw2mZLf7CDF9v04 Page URL
https://www.avanan.com/events/public/v1/encoded/track/tc/2H+113/ccGyW04/VVM8dl3_NKWhW1j2Vps43j9DBW1CR28959Q7yTN4vJDMl3qgyTW95jsWP6lZ3m8W5-lJqx2Y9YFnW7yDPvZ5k_T56W63_vcx3gv-PsW8WxS-d9b97pCW4YcPmM7knqnzW6BBtTF4WZJ9PW3w36Kx3S1NRDW54GwwD3k3vr1W1qRGZ-6-qXCvW1Y0ds_1jSmr2W2LNmJ-7dRgtWW37JZv_5PHCxMW4N5_R96PClKYW4YWpLz7L1Q9RW90LnjT7Mr_-DW33H_vy3HXY6RW4yypZl3vHk1-W7cJdRT5qnlQvW36c-WW494j9zN6rTN_43vHBYN75fvZxd90lSMh5H2wTTBnvW8tB9Q97Tr31zW1T2myl1-y0hsW1qLDvs5LFn3VW2Wkk8M4DtJwxW4KXB0b69Xjp9W9gWD8p9c46J_VbpYWc1PLRXkN4bH7FLw2mZLf7CDF9v04?_ud=0b224e81-2b32-41de-ab96-6220a74971a1&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 115

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1708641708698&li_adsId=09abe0f7-38a6-4512-91f0-7b7970cc7ab9&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1708641708698&li_adsId=09abe0f7-38a6-4512-91f0-7b7970cc7ab9&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D110528%26time%3D1708641708698%26li_adsId%3D09abe0f7-38a6-4512-91f0-7b7970cc7ab9%26url%3Dhttps%253A%252F%252Fwww.avanan.com%252Fblog%252Fthe-microsoft-reply-attack%253Futm_campaign%253DCampaign%252520-%252520IB-OB%252520Ransomware%252520APAC%2525202%25252F13%252520-%252520FY24%2526utm_medium%253Demail%2526_hsmi%253D293972812%2526_hsenc%253Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%2526utm_content%253D293972812%2526utm_source%253Dhs_automation%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1708641708698&li_adsId=09abe0f7-38a6-4512-91f0-7b7970cc7ab9&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true

195 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 VVM8dl3_NKWhW1j2Vps43j9DBW1CR28959Q7yTN4vJDMl3qgyTW95jsWP6lZ3m8W5-lJqx2Y9YFnW7yDPvZ5k_T56W63_vcx3gv-PsW8WxS-d9b97pCW4YcPmM7knqnzW6BBtTF4WZJ9PW3w36Kx3S1NRDW54GwwD3k3vr1W1qRGZ-6-qXCvW1Y0ds_1jSmr2W2LN...
www.avanan.com/e3t/Ctc/2H+113/ccGyW04/ 8 KB
4 KB 326ms
311ms Document
text/html 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VVM8dl3_NKWhW1j2Vps43j9DBW1CR28959Q7yTN4vJDMl3qgyTW95jsWP6lZ3m8W5-lJqx2Y9YFnW7yDPvZ5k_T56W63_vcx3gv-PsW8WxS-d9b97pCW4YcPmM7knqnzW6BBtTF4WZJ9PW3w36Kx3S1NRDW54GwwD3k3vr1W1qRGZ-6-qXCvW1Y0ds_1jSmr2W2LNmJ-7dRgtWW37JZv_5PHCxMW4N5_R96PClKYW4YWpLz7L1Q9RW90LnjT7Mr_-DW33H_vy3HXY6RW4yypZl3vHk1-W7cJdRT5qnlQvW36c-WW494j9zN6rTN_43vHBYN75fvZxd90lSMh5H2wTTBnvW8tB9Q97Tr31zW1T2myl1-y0hsW1qLDvs5LFn3VW2Wkk8M4DtJwxW4KXB0b69Xjp9W9gWD8p9c46J_VbpYWc1PLRXkN4bH7FLw2mZLf7CDF9v04

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
cf-ray: 859abd05dcc379cf-SYD
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Thu, 22 Feb 2024 22:41:46 GMT
last-modified: Thu, 22 Feb 2024 22:41:46 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=of78kRHRgfTRzwIJ7w47EuFkJO68sZigPFgA84qC3im81Mp5LN%2BVs%2F6Prxf0E%2FVv1KQpeTYkoT%2Bg%2FmUBoSKUsnbclHaNxiElCFyGfmb19y30sYvL%2F%2F7IaJfqUhAurV4E"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 6
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/event-tracking-td/envoy-proxy-5c6d56bb5f-5cpgk
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 4322d1fc-5f7e-4b14-ace2-46d6c1cea2d7
x-request-id: 4322d1fc-5f7e-4b14-ace2-46d6c1cea2d7
x-robots-tag: none

GET
H2

200

Primary Request the-microsoft-reply-attack Show response
www.avanan.com/blog/
Redirect Chain

https://www.avanan.com/events/public/v1/encoded/track/tc/2H+113/ccGyW04/VVM8dl3_NKWhW1j2Vps43j9DBW1CR28959Q7yTN4vJDMl3qgyTW95jsWP6lZ3m8W5-lJqx2Y9YFnW7yDPvZ5k_T56W63_vcx3gv-PsW8WxS-d9b97pCW4YcPmM7kn...
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTI...

88 KB
21 KB

26ms
26ms

Document
text/html

199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VVM8dl3_NKWhW1j2Vps43j9DBW1CR28959Q7yTN4vJDMl3qgyTW95jsWP6lZ3m8W5-lJqx2Y9YFnW7yDPvZ5k_T56W63_vcx3gv-PsW8WxS-d9b97pCW4YcPmM7knqnzW6BBtTF4WZJ9PW3w36Kx3S1NRDW54GwwD3k3vr1W1qRGZ-6-qXCvW1Y0ds_1jSmr2W2LNmJ-7dRgtWW37JZv_5PHCxMW4N5_R96PClKYW4YWpLz7L1Q9RW90LnjT7Mr_-DW33H_vy3HXY6RW4yypZl3vHk1-W7cJdRT5qnlQvW36c-WW494j9zN6rTN_43vHBYN75fvZxd90lSMh5H2wTTBnvW8tB9Q97Tr31zW1T2myl1-y0hsW1qLDvs5LFn3VW2Wkk8M4DtJwxW4KXB0b69Xjp9W9gWD8p9c46J_VbpYWc1PLRXkN4bH7FLw2mZLf7CDF9v04

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a88f274133df7cd377eaaf7a2ac91cac584671004d8fcfc06cf9ff723c1f689a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VVM8dl3_NKWhW1j2Vps43j9DBW1CR28959Q7yTN4vJDMl3qgyTW95jsWP6lZ3m8W5-lJqx2Y9YFnW7yDPvZ5k_T56W63_vcx3gv-PsW8WxS-d9b97pCW4YcPmM7knqnzW6BBtTF4WZJ9PW3w36Kx3S1NRDW54GwwD3k3vr1W1qRGZ-6-qXCvW1Y0ds_1jSmr2W2LNmJ-7dRgtWW37JZv_5PHCxMW4N5_R96PClKYW4YWpLz7L1Q9RW90LnjT7Mr_-DW33H_vy3HXY6RW4yypZl3vHk1-W7cJdRT5qnlQvW36c-WW494j9zN6rTN_43vHBYN75fvZxd90lSMh5H2wTTBnvW8tB9Q97Tr31zW1T2myl1-y0hsW1qLDvs5LFn3VW2Wkk8M4DtJwxW4KXB0b69Xjp9W9gWD8p9c46J_VbpYWc1PLRXkN4bH7FLw2mZLf7CDF9v04
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=60, max-age=0
cf-ray: 859abd0a182979cf-SYD
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Thu, 22 Feb 2024 22:41:46 GMT
edge-cache-tag: CT-106960374431,CG-4153530738,P-1835778,L-6416153737,CW-10828273430,CW-10828758285,CW-11124227288,CW-38920737000,E-5097885803,E-6067151804,E-6073351973,E-6073918834,E-6084513730,E-6476923280,PGS-ALL,SW-2,B-4153530738
etag: W/"4338998ae643f1faa361a7d46d70e668"
last-modified: Sun, 18 Feb 2024 11:33:10 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I5SI%2FWEj4Ee5Eis5NWNXTMjgBEvX8d1G2NFAkn4K9UuBZCQ7YEFyhhzQMZ8ilOHYSaYslryxw8cUbuxmPZQ4caR3pZgIrvtFCi0eOU2DYI8f%2FI7xnPMeWH9%2F0KPW9yka"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=60, max-age=0
x-hs-cf-cache-status: HIT
x-hs-content-id: 106960374431
x-hs-hub-id: 1835778
x-hs-prerendered: Sun, 18 Feb 2024 11:33:10 GMT

Redirect headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
cf-ray: 859abd07ee2179cf-SYD
content-security-policy: upgrade-insecure-requests
date: Thu, 22 Feb 2024 22:41:46 GMT
link: <https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation>; rel="canonical"
location: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y8%2FQHsCS1lGnsW2cMXY8ub7kv1snwTHVnIu5D44iwDFoDQkGJuMUfDwgDy%2FiyURsneb5lri7ei01LYW3lCPVa%2BCXDl8OUfj%2FmDhQIst7znNSpr%2BbUx1xPMKWBg0I5qc9"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 39
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/event-tracking-td/envoy-proxy-5c6d56bb5f-tfxkm
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 5446d523-c9bb-4c3a-a138-59b3b199e358
x-request-id: 5446d523-c9bb-4c3a-a138-59b3b199e358
x-robots-tag: none

GET
H2 200 project.js Show response
www.avanan.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
968 B 50ms
50ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 59304f445e251c540e46633ed3dd4f64.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 612131
x-amz-cf-pop: SYD62-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d8sJegnj2m%2FSFoxHj9Icop0xENQbZk2GiwZQIyqKIvdhlGdL5ZUvstRo7%2FtAiQ%2FcW3kcDqMTMBIae2V5P%2FWufp%2B2kuihbipmidu%2FTfm%2BB9%2FmoBRNeYLTPZ5UPcfw7nTB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 859abd0a483979cf-SYD
x-amz-cf-id: nMTFlq0h4ocZKCjyZHE7AWCQJJtQz42e1AhbBKb-R733rS3Qh9a0rw==
expires: Fri, 21 Feb 2025 22:41:46 GMT

GET
H2 200 post_listing_asset.js Show response
www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 3 KB
2 KB 49ms
49ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 59304f445e251c540e46633ed3dd4f64.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 602443
x-amz-cf-pop: SYD62-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: nC1hzr07YsutChb9rCwKsMoiyxip8lR7
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"d95d7dafd49a1edc76a47120c287b579"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZR3J9UFG12HMmlu8DRs4qQ9M7wx7PvzmU8X4YtyqarS7ng%2Bfdw%2FO9YMMikIfvi6C3dXG2VWxNtBGoY8%2BoySKWpRl4%2FYyr4j3i9tv1UCnG7r8OoBrMrHGnZK9moSzFdkC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 859abd0a483b79cf-SYD
x-amz-cf-id: FXI3vB0pd33Lsv7aVPFzi1wIkOkuoFPucUF682W00AdJVl9OTeP3zg==
expires: Fri, 21 Feb 2025 22:41:46 GMT

GET
H2 200 jquery-1.11.2.js Show response
www.avanan.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
35 KB 76ms
72ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 e3d6764a647541ed814ff5842b8b1476.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 607203
x-amz-cf-pop: SYD62-P2
x-amz-version-id: null
content-encoding: br
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HHm2rleZZHunq0bSs%2FS0fzdOQAeMSBhS4uZWgFngSZPCRtw6psrUPhv%2BiYvUTaFQXDAiq7S9OAdTK3W16JFIrDIcFs%2BTRVBhPFOcsKSYJHVPsHn04KQC0a79G1HAwK3g"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 859abd0a584479cf-SYD
x-amz-cf-id: HjK0Y39lt_Y_u8X9zru1ZzjNRBtYtJ2IZu58oKAiPr--HDcJYDjQiw==
expires: Fri, 21 Feb 2025 22:41:46 GMT

GET
H2 200 module_38920737000_header-NEW.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/38920737000/1693339116978/ 350 B
2 KB 46ms
42ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/38920737000/1693339116978/module_38920737000_header-NEW.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a28a88a058bb32f3fff988c31380f2392939d9c4d1bf38b32f531969a02a33de

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3060
x-amz-request-id: E7PRK7ZD7JHXSNZJ
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"d03acb35e50d52eba2de45e92772724e"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1693339116978
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 7fc4d53a17d950b206cd9fccf1108b8a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: mzhlCP.Q4kGZtjrszMLY3UteK9JyKt8t
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: de32b031-4038-4b04-a37f-c0b960d2117c
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 172
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ZdGUnj3Gr9HUEYHwDmXExJe2BBxNVxfTijdNXxIWQAow9H5VYOPFo5Dky1LTF5C7LGAxxBpAFYY=
x-evy-trace-route-configuration: listener_https/all
x-request-id: de32b031-4038-4b04-a37f-c0b960d2117c
last-modified: Tue, 29 Aug 2023 19:58:37 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s6C3npGGQDW6lNV3pUpm86IjES8wH%2BltyRT6fGG%2F7rel3Gv6LoKT9u1gZlf25GUHkH0tb7QubtH%2F7QYF9wduW4CCOPNcJRzWyoZkh9FAm2qFahdXEBOexIjUwgTZHRwT"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-d7b5c
access-control-allow-credentials: false
cf-ray: 859abd0a584379cf-SYD
x-amz-cf-id: Jgjkq4fPkKmvVtksEXIKNBq9lL85hdA5OjRLFO7x-seKxfMSB4L1ig==

GET
H2 200 reset.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6067151804/1577975558437/Custom/jacob_redesign/css/ 760 B
2 KB 49ms
43ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6067151804/1577975558437/Custom/jacob_redesign/css/reset.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

97152508df33871d78e6d8595480ac6c5cf8f2feb1fc1ef7fd2ef7a0517810c7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 2551
x-amz-request-id: VQTM304E8XZRFXHB
x-evy-trace-route-service-name: envoyset-translator
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"dd216fc74c067413933b3c64bb975273"
vary: origin, Accept-Encoding
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 71f1cca040033ebffc591cf9392d1528.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: adg6Tcxw8bHaHALCZHMiZcGnIuL6f9nZ
x-amz-cf-pop: IAD89-C1
x-hubspot-correlation-id: fc0178e9-54fc-4694-8095-4c4bd0355bbe
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 170
alt-svc: h3=":443"; ma=86400
x-amz-id-2: e4VJkwr4RZK8WeGgeJc2dTrKak2kLhyPIHVY5xnKCYNbHex6zBX1TE1soDzNTNQTeFt306DPRS0=
x-request-id: fc0178e9-54fc-4694-8095-4c4bd0355bbe
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 02 Jan 2020 14:32:39 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GwZObgzRaGGIOdwth%2FmUIvHhk3llI1yeE%2F7kjYwx1rKifd92%2Fdu7%2FqsIrlVlAg%2Fk76oTsIQf2IOrLwit7j%2BfQXesOCP2DkmLz0eDFNy5oIQDssWypyI8FWH4Ld6WQnNa"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-649c5bbc6c-ffcvb
access-control-allow-credentials: false
cf-ray: 859abd0a584979cf-SYD
x-amz-cf-id: Ms5AoJ_rtBHZk_zsHgFgBENfKYrl10HWlmaUltaTcd4oq1R78YapAw==

GET
H2 200 module_11124227288_updated_blog_body.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298028261/ 5 KB
2 KB 55ms
49ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298028261/module_11124227288_updated_blog_body.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3eb73cc89830d3824b5c588849b29a5d4bad5b71108ba60e17bad3e6276dd5f7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 2551
x-amz-request-id: H9FQ106BY03E80CJ
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"34740dad57e89fd2749c7cdb3497cb09"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1683298028261
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: HyZl6ue_xg82nZe3wq8kD7rN5WNVoPQi
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: e068d3af-adfd-4ceb-8da2-1534a66ba418
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 227
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hA/enLViIhkBbmpIjWxq0x10cXfgOLxHtZtDctXzTm+A2cGTwKqMZeP6f0DHcY6noJ5pQCzMMZI=
x-evy-trace-route-configuration: listener_https/all
x-request-id: e068d3af-adfd-4ceb-8da2-1534a66ba418
last-modified: Fri, 05 May 2023 14:47:09 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HNB37bBoJMiDKb2PI9uT5JW5VHNQEtKINnsKG2noZaWV0xkQZb%2FRyZz219nc7eDfuVJdW99OS4%2BszZyN2Rvy%2BPtyEUw7A4o17CujGVTE0TFWS68%2BJ%2F3VE2abpCOwFuSk"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-649c5bbc6c-tk8pg
access-control-allow-credentials: false
cf-ray: 859abd0a584b79cf-SYD
x-amz-cf-id: jGZbgPXF6Oy7MHMcaI4WBXgu6xIR4hzwK99ue1cdeenffcwDY7HW9g==

GET
H2 200 project.css
www.avanan.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/ 720 B
724 B 81ms
75ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/project.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 902b6168cd46b8e2de576dabe4e7f0f8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 602446
x-amz-cf-pop: SYD62-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: 7bzlyDLBPgFUhJmnx6rYCRN4B2XAfbkA
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 19 Aug 2020 22:47:10 GMT
server: cloudflare
etag: W/"a81c70764750950eb72d4537c41e781f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1QROAYkgDmn2b6PJFxtvWBk3KgBnpVPg4elElTlb7yhCE7cPQGygM9xQcflE6nw9sE9Dth%2Fw5pMIAam1LZa3jroYz6BW%2BfUxsSIaAuZ2EucJbUbjIMKKbfcbvr8tDqH2"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 859abd0a584c79cf-SYD
x-amz-cf-id: 3wgvXkZrz1hjDWfQWvcpU977On9eyJJgsEr0NsXWTHGGRer93sUyeA==
expires: Fri, 21 Feb 2025 22:41:46 GMT

GET
H2 200 rss_post_listing.css
www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 910 B
827 B 49ms
43ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 7fe70ef74e6a71dc6fcd4b1b62861ffc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 597845
x-amz-cf-pop: SYD62-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"e1b521ec14a912d6d385c21388ec7d79"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XzGNB5KPYvQXtkGF9gwQCJoJjadS1dM5bZee46wOpqRRtJtkARGpjTV85D%2FXCoKhE%2BNRXpazNd6KSRv9NeVhY6l9rHwGBumqgRAlS1FHZEAKLITxTj%2BCQg3YyUQJsnOs"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 859abd0a584d79cf-SYD
x-amz-cf-id: KRbz0DODWQlGmlcJZsDyPjTVEzKHV-3c_jrfQ8jaQzgAQj3vQ2hgsg==
expires: Fri, 21 Feb 2025 22:41:46 GMT

GET
H2 200 module_10828758285_updated-blog-cta-banner.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828758285/1681233594853/ 43 B
808 B 50ms
44ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828758285/1681233594853/module_10828758285_updated-blog-cta-banner.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c5109ab0fecc5ef21cc3eddf9e5e66741feb3c03a08c0c5d12a153bffe56a4d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
age: 2551
x-amz-request-id: 73GHX4ET80VTBN7K
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: "5c9c72ede880a71bcb77cbc90d5183e2"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1681233594853
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 85fc1201a1918facbeb30836e7391660.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ltjXTsnFD2W5CxxF4UctYebNy2UB5hTD
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: f4aa915a-d12f-4bfc-9e98-592aa57b3e9d
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 168
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-id-2: qLH0sHK6s4bu2BMo9crKIH2A2Xz+9G7OEZNH1ncHOlXq/Wkt1qq0RLPx53MnZBInzbgE91/S+oo=
x-evy-trace-route-configuration: listener_https/all
x-request-id: f4aa915a-d12f-4bfc-9e98-592aa57b3e9d
last-modified: Tue, 11 Apr 2023 17:19:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b6e9jiYRutsHa9PSCmGMnpS4Ue0onvo21WrUnGyjfXOW9gXWiMkKGpCDfBAkDTMxeb6z32ogUoP9XmRjZtcJnjQD%2FSqMxN9DOto5IqhXDew7xIrMslgcGUe9dEBCgh7y"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-649c5bbc6c-zjtxl
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 859abd0a584e79cf-SYD
x-amz-cf-id: lW2X2NBPy_AceSfO7EVcxq1W5WnngTdHi8Y7CpAD2k951vjC-SAWqA==

GET
H2 200 module_10828273430_updated-blog-footer.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828273430/1681233744378/ 1022 B
2 KB 50ms
45ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828273430/1681233744378/module_10828273430_updated-blog-footer.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a6284f5e68fe70bb17c9aecb532fdb513b37ec0096d21e9a7231fbcfeda6794

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 2551
x-amz-request-id: 1HJZK9FPK95B65FP
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"0db2aa71f1f3b6937b6f53dfa6ff0be5"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1681233744378
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 7a99ed3f39c18af8fe138a695e5f657c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: t.xmjVBLpB.BylnQD5kN_qjPsk0xLKEI
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 357a3f75-dc24-4136-a51c-462f7f375ef6
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 170
alt-svc: h3=":443"; ma=86400
x-amz-id-2: QFmKnkLgPkbGP8xI3QFHUO2HsJevZ0B2Cq14iCi9yif2rbajJ2GdlEPOpZjJII0AmOhPwPw0jnk=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 357a3f75-dc24-4136-a51c-462f7f375ef6
last-modified: Tue, 11 Apr 2023 17:22:25 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8uvCU93EyH8w2cxYs9Xna0pKBtAeSGOz4EVae0bC3JZIeELFDqlvRPl5RlXA5NUheyWqbCrA2w2i9JfrvKyD0heCzlJeKnQYfLRP3JcFud%2F1L0bIyOEu5Zudc%2BTvT%2Fpa"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-649c5bbc6c-ffcvb
access-control-allow-credentials: false
cf-ray: 859abd0a585079cf-SYD
x-amz-cf-id: nDaSrF_yXqqtpW_uke_pb7bIg4uPWbgvluDr6Opt8r8aMjvLAc92aw==

GET
H2 200 all.css
use.fontawesome.com/releases/v5.2.0/css/ 46 KB
10 KB 599ms
104ms Stylesheet
text/css 172.64.206.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.206.38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Origin: https://www.avanan.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:45:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1652952
etag: W/"20a9ce516eaea76da29a23adc43e8998"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p1GD5mfe%2BAjNfp3IF2aSg%2BRdSSm1bXchXbLsZWgZS81RrIJcCrsmzWoJWyiTajIXhvZ%2BCIdeZwtjYG510aYxYnjEx%2F0whmNnVLeTEpM65j68rqZyVHT00lRCbaJm2z%2B645yOlp3%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 859abd0dbb896bdb-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 19 KB
974 B 306ms
203ms Stylesheet
text/css 142.250.76.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.106 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f10.1e100.net

Software

ESF /

Resource Hash

7b84d0c350cc891e35015f8befd4edd064b4c72fdc88e6af291baf07f8d344a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 22 Feb 2024 22:41:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 22 Feb 2024 22:41:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 22 Feb 2024 22:41:46 GMT

GET
H2 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/2.1.4/ 2 KB
1 KB 327ms
13ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.1.4/js.cookie.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3636e8810aa8b16828af450174251147977372f0201e77d464c719f110b0924f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 597839
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 767
last-modified: Mon, 04 May 2020 16:11:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec5-6c8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qkWg%2F0aVUWxkdwKmF5mqyw%2BWTA9Y1swUD88HtjoQF4VXf%2FWgR7UL5LJrS%2F31XqRzxLpSJOOknWwo%2BmtZuUBdz5eFpMXbyLXp5aPH3JhECRHNEyraNUM0iaAY444gfbMmymHCjdp%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 859abd0c4bc45739-SYD
expires: Tue, 11 Feb 2025 22:41:46 GMT

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 335ms
7ms Script
text/javascript 104.99.59.34
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.99.59.34 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-99-59-34.deploy.static.akamaitechnologies.com

Software

Play /

Resource Hash

0aa01d0497c7250fed318f15d0058b8fc5ee5efa889142bf0e0636bd9c887f2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV4
x-cdn: AKAM
content-length: 163630
x-li-uuid: AAYSAAqntJLcYD1CF1qylA==
server: Play
x-li-pop: prod-lor1-x
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-ltx1
x-li-source-fabric: prod-lor1
cache-control: public, max-age=3600
x-li-proto: http/1.1
expires: Thu, 22 Feb 2024 23:34:08 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1708096377416/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 347ms
35ms Stylesheet
text/css 104.16.111.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1708096377416/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.111.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-encoding: br
age: 545260
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"fda5882b24ca5a84d04d090722dc713b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1708096378071
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: f6290c70-77a4-4b5d-9fa3-a6f8b8edae5c
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 422
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: f6290c70-77a4-4b5d-9fa3-a6f8b8edae5c
last-modified: Fri, 16 Feb 2024 15:12:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2FtrxsQLUBDFbV5oUcnrkWqOQp0usRCecCLkab6iz%2BvMt5%2Bn8XPRRSorIG5J3lTjWIZCiT8KJXJJ6rsI5FQNTmCrORmdxRAmFYyoXUuHHfYOfTbPKg9HQsdWFLMOUt%2Fzu1s%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-b79697d9-hfljm
cf-ray: 859abd0c494da962-SYD

GET
H2 200 gradient.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/ 120 KB
20 KB 57ms
53ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/gradient.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

08deb5fb8e8a49d3e598cab0f6c178154648cd6234894569a0987812b19475f3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 2551
x-amz-request-id: EW9K7ECG4HSZZGRX
x-evy-trace-route-service-name: envoyset-translator
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"336dca61498fc7140b09ba03ed7bf73f"
vary: origin, Accept-Encoding
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Np0IHzSsaoWIRo2pA7QSOE6GTgUdVUIS
x-amz-cf-pop: IAD89-C1
x-hubspot-correlation-id: 3e09be7f-7eee-4625-bd59-e612224dea42
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 303
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Vemv4fXFXzMM5fKq1OQIbvt0Qsiz9AaYrM6oQ9er89TcMaOBNZXBEHuWEHGrh0QkIvMDLcnhzc8=
x-request-id: 3e09be7f-7eee-4625-bd59-e612224dea42
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 02 Jan 2020 14:32:40 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H6SeBeGxb2O8VTaL0JBu0ZZLZvC%2BkuC4p5cPjEZaEsTQ4teBDoPnKSOJ5HH7fv2eM6DVJkkWYrd1v8LVIcaC3N9gHYQjEUuIqFAdqPPYM1xzIOrD3TgRlDqlus1gwAlk"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-ffb8c87d4-m7jlw
access-control-allow-credentials: false
cf-ray: 859abd0a585179cf-SYD
x-amz-cf-id: d0URVfCU9BKiJW3sUKkQv03gxBnjJT6zLVWS6Aahmv066mSOgtdX4Q==

GET
H2 200 template.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/ 193 KB
34 KB 50ms
47ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/template.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

92544ed57b172f513a507fe6d3e09d763bc23c413e47d110d8dc03ef896490dd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3060
x-amz-request-id: MA1W9VZK9CGSMVHG
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"c532cb73709fa483616feef093f4d595"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1693338323621
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: V4U7qS8p16YQ5afAoV9tdACdkHL_IvNE
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 9d12905a-ad45-4791-8bc6-bc2966a7b699
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 264
alt-svc: h3=":443"; ma=86400
x-amz-id-2: F1FYud2qk4AREJv/CyIoq6Qw3sjExj29lLp1czQq18aZmCWXaXYkldMZZf4k1qAfFzfU83w35E8rSmS62/dNjQ==
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9d12905a-ad45-4791-8bc6-bc2966a7b699
last-modified: Tue, 29 Aug 2023 19:45:24 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mcDut9Uq%2FBtB6x4Onqqko%2Bc7xE%2Bq7wlmMP6b%2BWvEipXxGyIpSo858UV6EIFo2EkudUyq1sezK2IOLv02kY3fH9jSaqscTrPoo0%2BwNnLZHOduSgB0s84%2FhMeA%2F3baPv10"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-649c5bbc6c-dbtgm
access-control-allow-credentials: false
cf-ray: 859abd0a585279cf-SYD
x-amz-cf-id: DDAPSgKa1D57vQGqbVTgbe7Uv4W-upX5FzTtEEhAHBAk27eJXynUtg==

GET
H2 200 animate.css
www.avanan.com/hubfs/website/code/css/vendor/ 76 KB
6 KB 52ms
48ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/vendor/animate.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8150a6e66442996f64560b128d0effe532ed5eabdf0a8c6176c8c4e8ed502e6f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 40eef8a1f68a2d42c85df34e3766b79c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555715886,FD-10555825155,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 96681
x-amz-cf-pop: SFO53-P1
x-amz-request-id: W9NDSG3KXJYCQVYX
content-encoding: br
edge-cache-tag: F-10555715886,FD-10555825155,P-1835778,FLS-ALL
cache-tag: F-10555715886,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id: DNimaXPyQx0q8PYRQbkCSZdSE0X.bmnJ
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ANHQWnmK5Xc4wuzJkr6yThWkB63iEi0H6V6h4sRDcaIPL4A0fMv+6TT/GZdWPKBasJIgObl87PM=
last-modified: Tue, 18 Jun 2019 07:24:00 GMT
server: cloudflare
etag: W/"d96b2083b0acbb11911bb4f068158299"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3fZPmUiAsCU44EKYKuOwKPNqhHMhcmDuXgwrno8IUQCIi5Vr%2BEvdDvsYD%2BrgMcYtcUakiO8Jpl1uz%2BrdZfxMIalotpMNiKmwqe%2BknqquLt7IUq86XUyOon5JsyS1djo8"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 859abd0a585379cf-SYD
x-amz-cf-id: K_rzwjtMHCThke7zgSvle2cp67njUQSYnds4rmyooOg6Nd5gyRbfSA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 hs.megamenu.css
www.avanan.com/hubfs/website/code/css/vendor/ 4 KB
2 KB 49ms
46ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/vendor/hs.megamenu.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4eed62e19ef261a18dade30aac09258399bbead589a04d061bce834f0d5a2bcd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 0b2255558ecb54fb08d741c73c717f2a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555715922,FD-10555825155,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 600378
x-amz-cf-pop: SFO53-P1
x-amz-request-id: W9N871XMZVQ7ZP21
content-encoding: br
edge-cache-tag: F-10555715922,FD-10555825155,P-1835778,FLS-ALL
cache-tag: F-10555715922,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id: xY1xlt9wqfq8h7_kClSamJ0VluM_5ZF9
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Cbji27XheMJsuw5THEBBARBfpHDEHXgo6AbOy/M1f1a4rQgRbGDeKPUx2NoAudoH402ZVAvONJc=
last-modified: Tue, 18 Jun 2019 07:24:00 GMT
server: cloudflare
etag: W/"c46d4ef35d114216ae8c0fe4137c84d5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uuq67hOEdHOut4fELMWzrulTGWau%2FIMzgSmj9dUmZS7YlfmDHQEB%2FTwOxpzByXWpX6FmjrKoVL3p2IZLoBsIrvkZ7GaVOx4PJhpCoppPNcRtuJhPd%2BBO3ngjWiYOx5ae"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 859abd0a585579cf-SYD
x-amz-cf-id: 3ePUk9Q3aCVTHwc8tbEtU952nZx5Aur3au_07cuQ0laEFtGdq5lThQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 dzsparallaxer.css
www.avanan.com/hubfs/website/code/css/vendor/ 19 KB
5 KB 79ms
76ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/vendor/dzsparallaxer.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a62430c1506f9d9ecc0bca9ffa39a073d5148f07be4aa54ed4532f9650caf56a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 1a89524650229737fbb42049a0f558cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555715948,FD-10555825155,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 597351
x-amz-cf-pop: SFO53-P1
x-amz-request-id: W9NCVQE22VRYSS1F
content-encoding: br
edge-cache-tag: F-10555715948,FD-10555825155,P-1835778,FLS-ALL
cache-tag: F-10555715948,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id: OQfzSS0e1XiUHyu7fgd1SQC64WCGDBlx
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 7aPoU7SKjY64U2ZhXtsTBRyMJ9Z3KadPeKcyyB5IwwpETs9yBRcySkrj24DhXkNTMpXZ5qaQTLI=
last-modified: Tue, 18 Jun 2019 07:24:00 GMT
server: cloudflare
etag: W/"319d193fcbeb97bbd3c83a72ee3dac65"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lcx3CCBrIMwWBo4ZuXg825%2BGx%2Bv9Upn%2B2k6jU51H5MYCQmoHvxkVCV8kP7C81Leycl2wq6RYZeYzhaROSwfIgU%2F4PmAwxnM4xZb%2BFwGxDuPTJYABdbp%2FkWqL7yRa7Exp"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 859abd0a585779cf-SYD
x-amz-cf-id: IKXASwhEXZCKX3PE0HQ5povZx9IDdUV4yVTqLU-v_H7TibGWsAEdPg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 custombox.min.css
www.avanan.com/hubfs/website/code/css/vendor/ 41 KB
5 KB 63ms
60ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/vendor/custombox.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

deb3d40a52e939dc606cacea278753f149b56d19b6619994069659687e3a7728

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 971cad87e8cdac9c4a5f2f575e735184.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12524627747,FD-10555825155,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 597351
x-amz-cf-pop: SFO53-P1
x-amz-request-id: W9N510E4ZWJ0AG75
content-encoding: br
edge-cache-tag: F-12524627747,FD-10555825155,P-1835778,FLS-ALL
cache-tag: F-12524627747,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id: 7rgoaYxL_.zq0Q9pSWvug18ufCSiqriy
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ZLBt61ljr87x6jC+O+Mca0i4sePe2GXgdi4qwJD+SRLGiVd5MC09DtjO5xE7+JNlzwcIj/fPyDarh+DMb6sv6l2g8iimTfqvAcVhz9822LM=
last-modified: Thu, 29 Aug 2019 14:21:43 GMT
server: cloudflare
etag: W/"3546f0274dff535bcf97625374c1c7cf"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qx9B18wDkyFH5IiUCxCHiHZBqTBEWBW0OGlKAkgIdf8Naz4%2F7oIT7R2iX2%2BWKd2%2FYrKKwQPLT%2BICdfRaDPhb0uXKrOmiuHaUkB9Tc36jeVx7xsQPBWDn2NbuZOirtapJ"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 859abd0a585879cf-SYD
x-amz-cf-id: -DNgZWdUbSxk06Pw8uQ0BhEfXyUe-ZPCTpEnyEhLxo-KFjFddTVY4Q==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 theme.css
www.avanan.com/hubfs/website/code/css/ 393 KB
55 KB 63ms
60ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/theme.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf53806c2a4cef2c89a8502411683c83162fe73859d7d24244259e7e793df68a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-12350310726,FD-10555529544,P-1835778,FLS-ALL
age: 604775
x-amz-request-id: W9NE1ZTBYYM14DGB
x-amz-server-side-encryption: AES256
edge-cache-tag: F-12350310726,FD-10555529544,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"dd24981f95399e7f2d5674114004c268"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1566500436528
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 465fd463b8e31c8b402f3b1a6398314c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .VuZQK18yvpctq7eWnfEjZ9JXuCTwHN5
x-amz-cf-pop: SFO53-P1
x-cache: RefreshHit from cloudfront
cache-tag: F-12350310726,FD-10555529544,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: clUlk8gmeqnQPpIHZ8YMJOzaRKTuhYlWc+GsCcwKgDo9O+WjCOLZsHQbm9pPyWdoZ4GoqCD+RJo=
last-modified: Tue, 29 Aug 2023 17:12:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NAIttCpGepJFRFVhxNYoKd%2BSgI6nR%2FqT9YfzErVOZizcw8IODpG19jU5XOJHczT5z%2BQyuCXILH%2Fe2yW2trQ6wk%2BMjttbBllvzXxMMCNNAR7hM7TGJ1bASl9OL3l4ZXOk"}],"group":"cf-nel","max_age":604800}
cf-ray: 859abd0a585979cf-SYD
x-amz-cf-id: 9WmkYD-hAAUE6nWyzdLcK3reur03fyFwFMvfJQmD1CaEKYsLCi9JYQ==

GET
H2 200 header-slim.css
www.avanan.com/hubfs/website/code/css/components/ 84 KB
10 KB 50ms
47ms Stylesheet
text/css 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/components/header-slim.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f54ad99ac9b8bf0271cc6d19132826863aa3dc7077b4d5c586f99c46130efb30

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-29822257866,FD-10639271059,P-1835778,FLS-ALL
age: 597351
x-amz-request-id: W9N4VQETP64HNQ7C
x-amz-server-side-encryption: AES256
edge-cache-tag: F-29822257866,FD-10639271059,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"b144dc1e3369574aa43f95d44261c80b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1590586777336
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 0098a8f5f88413d26cee38867e3b04e4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 42YSFG0lTWtnZ.W1lT05OT2Zcvw1os6c
x-amz-cf-pop: SFO53-P1
x-cache: RefreshHit from cloudfront
cache-tag: F-29822257866,FD-10639271059,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
x-amz-id-2: n1vwCgWhuhnairVT8ZB7thVMhOOEfcCE8deAZI1dZaS0PqE7j0+aes0+Wh9BG+T8hryQNtVOQfo=
last-modified: Fri, 08 Oct 2021 20:18:11 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H8fHf9NG5T0LjRg6uiMcpF9tt9cibozDajwqiJxFGd%2FgKZ7ZaZWlHb4V7bORp%2FD96KrkN8SI2l%2Bk5pbo30gY%2F6gIHbrV3Gvf%2BOgABAC0Nfb9t%2BtL5G1VO%2BKkUQpy6chZ"}],"group":"cf-nel","max_age":604800}
cf-ray: 859abd0a585a79cf-SYD
x-amz-cf-id: PsoEZ43CSRBwof1esmneTIOt54LQX5fEetj_w6svMsUe2IOOot2p-g==

GET
H2 200 css
fonts.googleapis.com/ 5 KB
956 B 200ms
100ms Stylesheet
text/css 142.250.76.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Cabin:400,500,600,700&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.106 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f10.1e100.net

Software

ESF /

Resource Hash

cab0bd7418905a8b7ac2510a8708b4bcb01af80459e20265582d4d96ae931c06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 22 Feb 2024 22:41:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 22 Feb 2024 20:57:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 22 Feb 2024 22:41:46 GMT

GET
H2 200 How-Safe-Are-Your-Emails-featured.png
www.avanan.com/hubfs/website/img/infographics/ 621 KB
623 KB 60ms
57ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/infographics/How-Safe-Are-Your-Emails-featured.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8deb475ac50713a43d3cf93fb2579f1badda5b9dee5704850b032f0f25564895

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-52270339845,FD-10949243896,P-1835778,FLS-ALL
age: 604775
x-amz-request-id: SCFKRJVGECVRKXJN
x-amz-server-side-encryption: AES256
edge-cache-tag: F-52270339845,FD-10949243896,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="How-Safe-Are-Your-Emails-featured.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "c633bdada0f0b6b3a8ed9923b6fb540b"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1628160146967
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 f20c2924343ce57c71ac85e5ceb39250.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .d7FqQt._o1Rnh6A1lokFj0_Ws48Edpl
x-amz-cf-pop: SFO53-P1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=866167
x-cache: RefreshHit from cloudfront
cache-tag: F-52270339845,FD-10949243896,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
content-length: 635542
x-amz-id-2: Cfpr0Hq6esRrGexr5VXEFqrv048SzwOntCFfhP7QRXiroo+nMz+m1A6qZMznN5Q76CNPEpD+ajk=
last-modified: Thu, 05 Aug 2021 10:42:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lMw479akcdHC80XvZF1xKzZwxQ2YbCdBQBX%2FcYc%2FM%2BhUtXw5GIyWRO5MFvwRMivwtc4iJNCPZdn7r2xBgM3oClFkUcnLILTe0XJQnj5XQhWpPt%2F2W4cFUEu6fSwH6R0y"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd0a585b79cf-SYD
x-amz-cf-id: 4QJJPc0arEu73F3fIf_L-M4W6gmEY_8ZPW3WQxtiwfXfTvrs8uSCkA==

GET
H2 200 av-cp-logo.png
www.avanan.com/hubfs/website/img/nav/ 26 KB
27 KB 64ms
62ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/nav/av-cp-logo.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a87eea0ed4667d6241611511e68dce431477cbd9a06c9482b01323d6a0b972f9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-57079767617,FD-21136118110,P-1835778,FLS-ALL
age: 600378
x-amz-request-id: 8GWAK2YF9ND4304A
x-amz-server-side-encryption: AES256
edge-cache-tag: F-57079767617,FD-21136118110,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="av-cp-logo.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "54f8e06ea392f631745f18834b4f75fc"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1633720390182
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 5ec31a807b3a12da1cd448f2e2805d3a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ihC_xVZudFnTMh6T1X7C3_Yl8xLb15Oa
x-amz-cf-pop: SFO53-P1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=45855
x-cache: RefreshHit from cloudfront
cache-tag: F-57079767617,FD-21136118110,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
content-length: 27014
x-amz-id-2: hyBTLLxQt+Lu5xaqpF9VUB9MDsqNZuHLVnYBiq1Jt2UbUjccb3kTEdJwjzC0WW2YmaUPU11zAUo=
last-modified: Fri, 08 Oct 2021 19:13:11 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mxqRNYa4C6aoEfagyRGicIiKMeNAIEE7UFeUmFyqAL9VnhXtKvnCpb8LFf4%2FYPRDuRXHkQjXbh1Ii1NlRzlAIcCn5WSyveC1eDmpNWVvjNqeBKRm6Nqg1hFd529rjjRo"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd0a585c79cf-SYD
x-amz-cf-id: 7a0Yq2O7tnD6H2gh-Dgidyj4kK4A_8z8O_WU_4OLrQ8Kc9VMin4rKg==

GET
H2 200 documentation.png
www.avanan.com/hubfs/website/img/nav/ 868 B
2 KB 24ms
23ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/nav/documentation.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e94bb9eafa09b4181f7208f1466552561329b27bc870ea785be1fbbeb32661d8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-21241301263,FD-21136118110,P-1835778,FLS-ALL
age: 600378
x-amz-request-id: VYY4KYNP3KC06AJB
edge-cache-tag: F-21241301263,FD-21136118110,P-1835778,FLS-ALL
content-disposition: inline; filename="documentation.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "f4d503cd55e042264b3bbd74f58ac560"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 1adacdd75ffd261b5e9a2dfb995e856c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: V87Vzt5MSqkUDoZ5asBko88rN0wJ5iGd
x-amz-cf-pop: IAH50-C1
cf-polished: origFmt=png, origSize=3416
x-cache: RefreshHit from cloudfront
cache-tag: F-21241301263,FD-21136118110,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 868
x-amz-id-2: wt8vqn5nsuXlOlpdDxeLJKGnX7tL5GPQSau9ADHnGCxZVIFLyZ8fLEXxNRBU5s6rPf0UkT5UtWk=
last-modified: Thu, 14 Nov 2019 20:20:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VDzaaFKdtG3XeEEthHkuBV0Fi6AWuSwr%2FS3s2x9G1UVy2yIaOwFynw9YeBq9c2OQylku0BB7c2wQ7VXysnXucm%2FcnJbZCLHHJ7AKFj4IFG0mVE7JMzfQnobfJyekPXP2"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd0ac89b79cf-SYD
x-amz-cf-id: CAP3zgjqKlzPccXdkJDYuOXKLWKz0zycmJIMfo9ssokUnMb8VDJdjw==

GET
H2 200 open-ticket.png
www.avanan.com/hubfs/website/img/nav/ 700 B
1 KB 24ms
23ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/nav/open-ticket.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

03817f3f6505178f6f24ef977ac8cd844ba3427f0353759e41bea905c565020a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-21241291417,FD-21136118110,P-1835778,FLS-ALL
age: 600378
x-amz-request-id: AQ7WCRKX6B04E6GR
edge-cache-tag: F-21241291417,FD-21136118110,P-1835778,FLS-ALL
content-disposition: inline; filename="open-ticket.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "9034a241fdd02e0d9dc532075852965e"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 1d781f2bb177b851bc1e5873375e5544.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 0c9cY9eUX.md23IeRyXXqhmeaLhfDOS6
x-amz-cf-pop: SFO53-P1
cf-polished: origFmt=png, origSize=3180
x-cache: RefreshHit from cloudfront
cache-tag: F-21241291417,FD-21136118110,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 700
x-amz-id-2: 39Jo7bPXm6Yd69zswFhxwvIlclPITlBB+zJUAVtr5AcNwqDBMzMIilZknnmikOr7Pjq+6f0epBQ=
last-modified: Thu, 14 Nov 2019 20:20:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6EzlPxs6mOIB1ClJF72x40lib%2BP%2FpX7R0FLLm9K7e7fS%2BYWMllAetqE1%2F6XvsccrDXWKM6uj8poGi9%2BYR3RVd5JpTlFfFzAXmIfs05snermy6zkLfu2LPO%2BpuGLfsQnI"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd0ac8a179cf-SYD
x-amz-cf-id: t8hqaXO4lLTZ6bnxZTnXTyfAnrjs4Vs04rzWQHRfHf9unMzvnaFqww==

GET
H2 200 jeremy_fuchs-1.png
www.avanan.com/hubfs/website/img/people/ 1009 KB
1011 KB 28ms
28ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/people/jeremy_fuchs-1.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c31f9221454873de9c5bc222c2b5c97f216d3b21b0a3589f77f49fbcacf4a0d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-27817468088,FD-26510702723,P-1835778,FLS-ALL
age: 421017
x-amz-request-id: 877F9CYX5SH8B5F1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-27817468088,FD-26510702723,P-1835778,FLS-ALL
content-disposition: inline; filename="jeremy_fuchs-1.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "f708d6febff5bc6d07172bd7465dd726"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 3b0761aae148df2a0aa43b804d13c402.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: nQ.kuHwFXuupsUc1qfCvxdS2PMk7c1js
x-amz-cf-pop: SFO53-P1
cf-polished: origFmt=png, origSize=1632605
x-cache: Miss from cloudfront
cache-tag: F-27817468088,FD-26510702723,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 1033412
x-amz-id-2: 9qI4nzg4Ef5Jcuqu2Q9zKXBomTqYskWUAQeG9iDXqleJ39K8miY1CurZqzZz6lzPN7Tl5Evy/Rr+dJ8lMIw1WA==
last-modified: Tue, 31 Mar 2020 14:03:42 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cFfDrKUWNWFsd18xBdVs4CSSwvXl8lSCHzmmAIuyik1gtD3vjSmNm1UCZ9YERmUSNdjSTgDHFGWAKSx3raijTTP7b6ohfozMtjWl0LsjcH%2B21lW5bURP4FXsVvQlYKCA"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd0ae8ba79cf-SYD
x-amz-cf-id: vfVtJvA4zXs_2Y-EUFmXu5LenSl0hC0PWEJF1GtD6VPlvAV2sFRknQ==

GET
H2 200 Featured%20Images%20-%202023-03-17T145245.680.png
www.avanan.com/hubfs/ 17 KB
18 KB 40ms
37ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/Featured%20Images%20-%202023-03-17T145245.680.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee064ca527d2ca2030e6268d423f842c6f7d5e4979f1623f420eba57675e648c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-106959300760,P-1835778,FLS-ALL
age: 68774
x-amz-request-id: P5YYMA51T5ZT9BTE
x-amz-server-side-encryption: AES256
edge-cache-tag: F-106959300760,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Featured%20Images%20-%202023-03-17T145245.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "8184b39234a017d6f678641fc2737b90"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1679079201823
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 27f8684163b0b232d220b4ced517da20.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: FD_.4wqomlSFuIIhZZQPP7rxbu9HnHlf
x-amz-cf-pop: LAX50-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=35154
x-cache: RefreshHit from cloudfront
cache-tag: F-106959300760,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 17442
x-amz-id-2: B1le6eingTHu6wIYdcIlQUM0kWTT6KbEfqcbdha7Eki6QU5kIlkI5aoiUedqD1DKMs6XCVNutbo=
last-modified: Fri, 17 Mar 2023 18:53:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x10xIvbw32BHCMBQPGGX4pcbHp287jyckJ4KlD1oQE7kNjnJUvsL4TxAUvWO3eLQXQd3nttjmlL%2BmFNZFGa6wug6gY4Q50r0zztj21tGDo%2BU7fOJs5Yr0fWsr8x4Qm4g"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd0e4bd079cf-SYD
x-amz-cf-id: SCZroXQLRfkphGERMAn7Iwwms6zf-sz4nfmdawaAGOV7Toi9IMBZJQ==

GET
H2 200 Featured%20Images%20-%202023-03-22T155358.792.png
www.avanan.com/hubfs/ 15 KB
16 KB 52ms
48ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/Featured%20Images%20-%202023-03-22T155358.792.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2930e024fce54205f053de089088a6f915f8c7d074d7f1b484621a73033a1d95

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-107570278950,P-1835778,FLS-ALL
age: 68774
x-amz-request-id: P5YV502X4MM5JWG1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-107570278950,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Featured%20Images%20-%202023-03-22T155358.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "6c151c92228713bdc2ea5328be6b4d04"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1679514847342
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 ad3c0e63e032c703faf8afd0daa0f23c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: cDB61xf7ybKRCVzSjW2LRtKDaTk5svv9
x-amz-cf-pop: LAX50-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=32311
x-cache: RefreshHit from cloudfront
cache-tag: F-107570278950,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 15232
x-amz-id-2: yp/67RZp+yGTKUO3hLF+p6krtJrD8j2xznYMYBTodeEbJoxZAQGLXW0BnZAg2osXS4Gd8Oc3jY8=
last-modified: Wed, 22 Mar 2023 19:54:08 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jOTllJ74mSHih2ZoGAb6NITFbH7gMYvMdXjRVKL1PaFqn2y%2BV5mxce8YM%2FIQrbocr6rTbSnE7aoxuTmGIifeWzWxYSlcqUgj4Aj69bhy9U2oSXE5gLKJWfwM64waZS6T"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd0e4bd279cf-SYD
x-amz-cf-id: Tw37O07N3-1KFqn-jfWEYUZMJt474gx_1XjnLBGn9k3Azyz3qMxNEA==

GET
H2 200 c953fa87-efa0-494e-9947-98ffe764fcd8.png
no-cache.hubspot.com/cta/default/1835778/ 1 KB
2 KB 564ms
254ms Image
image/png 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1835778/c953fa87-efa0-494e-9947-98ffe764fcd8.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf6f2ddd3a93cfc831316931e733e85bfa4d344c33398e6c32115761bec7ba69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
x-amz-version-id: null
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: NX3PZRPK05SMKG3Q
x-amz-server-side-encryption: AES256
content-length: 1111
x-amz-id-2: Swl2Bsl45/b2y7334yjXxhw32xBAOtdYJpASh+mW8SfT1J21vaGOEwlvdSurrvptHAzjb64HY+Q=
last-modified: Fri, 24 Jul 2020 18:46:48 GMT
server: cloudflare
etag: "af14e3eef5578014fe49b0f4a662ac5c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p4P8fUwHORbdCPF8Z8vu4NEnUgyUdf98ve6GDsqXWHY6XHd5o6DKSZh5832dOE6%2F10R8LO%2Bi52CP4QQxSk11sQUhS7WMvAts1RXhZfm6EIzf30WySkPPfW3OfqDnnR7IwERQGrrl"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 859abd103b58dfb3-SYD

GET
H2 200 current.js Show response
js.hscta.net/cta/ 18 KB
7 KB 320ms
12ms Script
application/javascript 104.18.212.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscta.net/cta/current.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.212.51 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db7d4517c08bd45d9c379997b693687663a2471c927810bdcac5a8772c68e741

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-encoding: br
age: 332
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.258/bundles/current.js&cfRay=859ab4f21e145c07-SYD
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"95737e927a3038e3528bc4fdd069fbeb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.258/bundles/current.js
date: Thu, 22 Feb 2024 22:41:47 GMT
x-amz-version-id: D_jvS6jy9FLgzk8cWis5IHsS7l5vauMB
via: 1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: b332e37c-5ce7-4e5e-8836-dc935594e928
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
x-evy-trace-route-configuration: listener_https/all
x-request-id: b332e37c-5ce7-4e5e-8836-dc935594e928
last-modified: Tue, 13 Feb 2024 11:42:13 UTC
server: cloudflare
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-576f9d768-58mtb
cf-ray: 859abd0ceab05d22-SYD
x-amz-cf-id: Wvsxp46sYHQNNoRWO3cgTtwdVXmWRfhHNJzys_5tarhiuXwgchE-0Q==

GET
H2 200 widget.js Show response
www.gartner.com/reviews/public/Widget/js/ 9 KB
3 KB 336ms
23ms Script
application/javascript 104.18.34.221
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/reviews/public/Widget/js/widget.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.34.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: cefa070557861023a0cdcd01ac9b84d8212be8ab4461d82b051e5211edce1723

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
content-encoding: br
cf-cache-status: HIT
age: 597862
x-powered-by: Express
server-timing: dtSInfo;desc="1"
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 09 Feb 2024 09:41:33 GMT
server: cloudflare
etag: W/"23dd-18d8d3e64c8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
cf-ray: 859abd0d1800a979-SYD

GET
H2 200 gsuitemsft.png
www.avanan.com/hubfs/website/img/blog/featured/ 7 KB
8 KB 55ms
52ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/gsuitemsft.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

38de6bc8c2c8a9406f81c95c8cf7e192ecf20c0d5de9afa0b83ede7954743120

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-45026721816,FD-11279853394,P-1835778,FLS-ALL
age: 611860
x-amz-request-id: CZWAA99BN6MZF61Z
x-amz-server-side-encryption: AES256
edge-cache-tag: F-45026721816,FD-11279853394,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="gsuitemsft.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "c5f99be14ab21fa89a34782d0b9f750f"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1618341441362
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 28ece4c2a6dd3c0a95262b04d30d3eb4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: y1EKZw9E0SZf_0qX54r5aDKCg2_.DZWl
x-amz-cf-pop: SEA900-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=17667
x-cache: RefreshHit from cloudfront
cache-tag: F-45026721816,FD-11279853394,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
content-length: 7612
x-amz-id-2: 8XEB52tTquiEgI2ukTT3Q6VuUZl/JFW7hrNyCCAYpQ0tNLLLVjDtxOkslKteYyMfnm09z/VugFQ=
last-modified: Tue, 13 Apr 2021 19:17:29 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UkPUGWX18ld1U84cLI2M70yqwyIENm2Y6e%2BIMy9xincIJ96NSrQyUZOUE36KtkW%2FBLaQdk8SC6GWyD%2FShtk%2B3Jjn1%2BmezUucyJN9wym2XvemGg%2BmijQq1yR176M9OznS"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd0e4bd379cf-SYD
x-amz-cf-id: sKDFjH8xwmnHkxxlUkbEIBLiHubqvs6WE5ITMMa_sIljX24PL7Ej5A==

GET
H2 200 av-cp-logo-wht.png
www.avanan.com/hubfs/website/img/nav/ 26 KB
28 KB 53ms
50ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/nav/av-cp-logo-wht.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe5f4af17be162aaf3e1dadbc08fe06e678c87620a221b3fef8e2ca7a779986d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-58090235831,FD-21136118110,P-1835778,FLS-ALL
age: 604776
x-amz-request-id: 81XWZT9D6PWYY422
x-amz-server-side-encryption: AES256
edge-cache-tag: F-58090235831,FD-21136118110,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="av-cp-logo-wht.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "6b25c756c0ec059c8b971ac07c1a44e2"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1634845767354
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 7bfc7790cc690be558ed3a9136bf2206.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: r2zJbm9CEK3FOJ9Q8VqLC35kT_FW.6aY
x-amz-cf-pop: LAX50-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=46170
x-cache: RefreshHit from cloudfront
cache-tag: F-58090235831,FD-21136118110,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
content-length: 27120
x-amz-id-2: 5Mmy7QBCJChh62ip0mR1cmfrKlwRGABjN2JjHcYPFIwEq4C9RZsO8rjHZks9bH8SFudHF1zbt1ozdYlP7mup2vEZpuyxxx4vs3nwTNowcwU=
last-modified: Thu, 21 Oct 2021 19:49:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mBebFGuWg7R5xCyocv3du8pPVMO1cut5q79Mv%2BB9%2Fm2rsNnTGTrA38U867tcdQqudKNotUIG7wF9wVm5m2Fa%2F6FPHud0YFvj%2B9%2BkCAnIS957cEbihpqMzVHq15nuy2np"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd0e4bd479cf-SYD
x-amz-cf-id: pJZPpVvIGJiSf2NIkwu8vMtd7Uk5Y4pFDNwMB6uHhLtgSCtAv8Q9sA==

GET
H2 200 soc-2-cert.png
www.avanan.com/hubfs/website/img/icons/ 27 KB
28 KB 30ms
27ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/icons/soc-2-cert.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

49c8d692cb67ec3cc5b35e839c50c5c9eea05fe3ce82894eb02d22240554a0aa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-24177175536,FD-10543955849,P-1835778,FLS-ALL
age: 600378
x-amz-request-id: 8GW22KKQ4J8NW2VN
edge-cache-tag: F-24177175536,FD-10543955849,P-1835778,FLS-ALL
content-disposition: inline; filename="soc-2-cert.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "2242d63f47a733e65cdebd6f3be3a08a"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 1a89524650229737fbb42049a0f558cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ENN2NKV.l.gZzdTLCJgVyrfErf7Uu3mK
x-amz-cf-pop: SFO53-P1
cf-polished: origFmt=png, origSize=44339
x-cache: RefreshHit from cloudfront
cache-tag: F-24177175536,FD-10543955849,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 27216
x-amz-id-2: WSO23xsPgm9mHPjLtT0vHGY2tu4NzNRKnyet941/D/sBVnFfME2T5WKSUWePzhuPqfd7J9bXnGM=
last-modified: Wed, 08 Jan 2020 19:24:41 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wPnDBq6NEbMDdSeEVaKWFgulwp6t4qrkM7Zxx7fer89rrkR96xzZoYkqJ0kLmCNrKjfHvomecbOlRj3st1MbRx%2ByHMJejXuLK48DPVv6ZRRBlyNKOY%2BDIRXanikEM9Ua"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd0e4bd579cf-SYD
x-amz-cf-id: AQDl3BFAXpwUsJWsfRGlUdb3M2TU2F0esQ9O9NrZHZltJMSR3BEhRA==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 327ms
17ms Script
application/javascript 104.18.176.93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.176.93 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 7fe70ef74e6a71dc6fcd4b1b62861ffc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: SYD62-P2
age: 607206
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xc%2FyQfcdhQeophomJtqK3vzFWc9u2P3mqloR57bN9%2Fg6EHeWB4RbqWz5pUY%2Fqe6zX9L6AvK0osHkESqUYF1eRYp%2BXOeny5jkvrT50fUPJIHFxk0DgCKyQy5OCSaoQHwMWbgt73SRrO8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 859abd103d8c5744-SYD
x-amz-cf-id: 99DC3LndDTthY67ec6m4LDaKRz7GtzIPadRUVqs_d50b4HQgxt0G8w==
expires: Fri, 21 Feb 2025 22:41:47 GMT

GET
H2 200 jquery.js Show response
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6476923280/1577975561851/Custom/jacob_redesign/js/ 142 KB
38 KB 27ms
27ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6476923280/1577975561851/Custom/jacob_redesign/js/jquery.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

057d87ec0edbdb5fe7d60d32da4c3abfe1dc2e6a0aacd6543a5e9dabb7bbd21b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3057
x-amz-request-id: BTQ7BRVV9G9PV5WM
x-evy-trace-route-service-name: envoyset-translator
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"58abfaae2dedf59326b2ea681f828a06"
vary: origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 b3bc6011219d758c8763878f39b43b9e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ebM6Jbr9unIlIJHsCtn.BkHxdP32W5Tn
x-amz-cf-pop: IAD61-P1
x-hubspot-correlation-id: dd12ad55-289c-4393-b971-e85c403fb9d9
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 177
alt-svc: h3=":443"; ma=86400
x-amz-id-2: tPJsjS86R4RDRf2RNEjSsJqcpOhiW9+m+580iqNtTTXFcg5SV25mrRQWse9gd7/UgxRJ3oQ2ms0=
x-request-id: dd12ad55-289c-4393-b971-e85c403fb9d9
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 02 Jan 2020 14:32:42 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=flv5LPYEtqtEIBcJe7dCDK6TM9%2Fkg%2FW1ugYfhObEeEjKW1q%2Fa6zbckU8ErjUj1Ij%2BQsawHzFSkoQtkXnFXwUd%2F3nAIT1FDgM3AwZ4ALqNnSNoGakLWV0g1t3WJiwd6p9"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-d7b5c
access-control-allow-credentials: false
cf-ray: 859abd0cfa3679cf-SYD
x-amz-cf-id: n4tbinlyOgPo97afZICil-1hfc--wpWCHc9mCuv0pVgGEjKXrjJ8-Q==

GET
H2 200 bootstrap.js Show response
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073918834/1577975558617/Custom/jacob_redesign/js/ 112 KB
22 KB 30ms
29ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073918834/1577975558617/Custom/jacob_redesign/js/bootstrap.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

71577fb46a22fa031506bab9c5ddb4640e38ef10a1b4959a11288b41ce4b0757

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 2552
x-amz-request-id: C7VRNZBP7X20V3K9
x-evy-trace-route-service-name: envoyset-translator
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"d810a38ca2781735a27cba0625a027db"
vary: origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 6b7e1e42d74fd61097787cc6c1a37c34.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 3IDp6mXhqSOlZQ4n6QKdC4Peyv0EBjJp
x-amz-cf-pop: IAD89-C1
x-hubspot-correlation-id: 22e0441c-40e2-4bbf-ba43-49b519f264cf
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 183
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Sm0glUSps0rjmz6PIxAX5U8nvVr4e8kKHZQgNN/VMKkSIDWPKSPfLn3lYoXfTmiYQAFDMPUSAEYEz9P8DVV7UsRK47cPsaDwlPq1e+FMrhU=
x-request-id: 22e0441c-40e2-4bbf-ba43-49b519f264cf
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 02 Jan 2020 14:32:39 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FwhQAuhYaMiEECI5R%2FDaLjQpg2Yhx6gDh819WDZ7Lck36yjjd1xLiIdqEhydTO1lhxkUqjFlJJvNyatJORZuqAVr4StNhhrPTqtY6XlB5N6N%2FhnkYri%2BhG6blhANuumt"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-9984fb9f6-l5wpd
access-control-allow-credentials: false
cf-ray: 859abd0d3a7879cf-SYD
x-amz-cf-id: EFcJ98L9bVxfMsa4BoUeY9QQ8ZqQGUDfvdC70GAh_WEdlilcX9ozKg==

GET
H2 200 plugins.js Show response
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6084513730/1577975558722/Custom/jacob_redesign/js/ 508 KB
118 KB 40ms
40ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6084513730/1577975558722/Custom/jacob_redesign/js/plugins.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a82df3611c2166b9b9e824830c57bc09ef40860b9dc83fb2897b9a2a3ab0b98

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 2551
x-amz-request-id: JF8RG5KN7AEF7WF0
x-evy-trace-route-service-name: envoyset-translator
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"c612fe430751a00bb8750c6601520596"
vary: origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 7fqlaiSrobvA_myCcLItYFNxElIoA1r6
x-amz-cf-pop: IAD89-C1
x-hubspot-correlation-id: c5a689b8-4300-44b9-b441-db6fe5744baf
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 291
alt-svc: h3=":443"; ma=86400
x-amz-id-2: LbSZ2Y8czh/IRzvccsTL5KUAENWqNPSmTZXI9YZ5lq324IIXzD+oJVN0ND1qXF2gPYGK2rE9n1c=
x-request-id: c5a689b8-4300-44b9-b441-db6fe5744baf
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 02 Jan 2020 14:32:39 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uVLo2%2F5cv8X6bRIH3fd8LaklV7ENAy3Us2YN8vEUwTKR8s4W5myFM4kUFQrOhFYlUh02xVgXM7DAYOPSVs1TDjDdg3%2FFxYMLFHmAIGbN2VA0sWtZqIBzsAOhj%2BoKGLXg"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-649c5bbc6c-fjwx7
access-control-allow-credentials: false
cf-ray: 859abd0d4a8b79cf-SYD
x-amz-cf-id: IJs20ND5J3Qarrcqz9W6plrxHdPe6XiXtFJEPnbVilUCl6B2rtOvsQ==

GET
H2 200 module_11124227288_updated_blog_body.min.js Show response
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298027233/ 244 B
1 KB 26ms
26ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298027233/module_11124227288_updated_blog_body.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b057f4707a4e3bbf69647a669ebc4dbf35a9b5b25864b5fc63162e71f58621c8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 2551
x-amz-request-id: RHVE853HDZ5VAEY6
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"cf3f93254ba12a90654162233cedfbcf"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1683298027233
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 b4346add631a498bf6cdbf88cbc5ff12.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 2vRBYqYBKn.Un2cVRgM_9kk_TDebYnrs
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: d8f82bff-b615-4d1a-a129-c3c7b5907465
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 119
alt-svc: h3=":443"; ma=86400
x-amz-id-2: kad1Ots4PFvXX83njbNBgWpeYy2DQ0LL0k1wDw5xdK3ayhXGUH5/c47oiPH8SbzMJ3XmkgobpsiSXrikylkp9mqh3O5f3uXv3Xq3dgbCI1o=
x-evy-trace-route-configuration: listener_https/all
x-request-id: d8f82bff-b615-4d1a-a129-c3c7b5907465
last-modified: Fri, 05 May 2023 14:47:08 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MF%2BBN%2Fg8yrhqH8YW1yjbcVpFLQ2g5TEliJTG9wuqkLtzcNq1nCP8GP74cKKxIBW6AivB%2BuoAUKVmHWqMAx57hksrWaE%2BO9h6Ia6%2BZ8azTZyU6IqR2455CfmSGYEpJoR1"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-649c5bbc6c-zjtxl
access-control-allow-credentials: false
cf-ray: 859abd0d6ac279cf-SYD
x-amz-cf-id: _AFbpra6hzBjGen4nGXcbRdWvWX83iHeFGGvmb4_z6Tlq3dnyKO8_g==

GET
H2 200 1835778.js Show response
www.avanan.com/hs/scriptloader/ 2 KB
1 KB 52ms
49ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/scriptloader/1835778.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d4d2b0e9ec6cec79ac7c036324273f238d129f005b6a201b3439dd2c25f70de

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 27
x-evy-trace-route-service-name: envoyset-translator
cf-polished: origSize=1987
x-hubspot-correlation-id: bee817f4-1fe9-488a-9f5a-fce78e8f4ccc
content-encoding: br
x-envoy-upstream-service-time: 14
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: bee817f4-1fe9-488a-9f5a-fce78e8f4ccc
last-modified: Thu, 22 Feb 2024 22:41:20 GMT
cf-bgj: minify
server: cloudflare
x-trace: 2B19B5F9E4963781C0530B56D7168FF504993134FC000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.avanan.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-59d6fb747d-69nxg
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wrEXuGe%2Br3LIb7GbDeUWtrhRlKMhgND2F8mG%2BTBrLLIcpIOw%2FSaeGvNSCrlD%2FfObCZNDorPWc%2B%2BLbkWn2Mk5AZo58aA6QqC0LmzQ19KLAohlvY4K0%2Frxl7Lg4i4ChS3%2F"}],"group":"cf-nel","max_age":604800}
cf-ray: 859abd0e4bd779cf-SYD
expires: Thu, 22 Feb 2024 22:43:17 GMT

GET
H2 200 index.js Show response
www.avanan.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 45ms
43ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 0e61cdf08a154ac7d647c2dc742467a6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 7273231
x-amz-cf-pop: SYD62-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QsUYYC29NEY3ufGE0JWRMcAxo4m962SQR4OPoBR%2FO2gUA99y5ZWd%2BDsoikuDjiwi6apc6JzpkVdI8bReQSc4RHgdoFrWI%2BzhtVN3BxTMoI2s0456pph34t4KhJn0C21L"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 859abd0e5bd879cf-SYD
x-amz-cf-id: 1EBgR8vzYJ_lutStt3RGl66UV5YrVH2dMt1uJB0oTqST3zmL9flpYQ==
expires: Fri, 21 Feb 2025 22:41:47 GMT

GET
H2 200 popper.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 80 KB
23 KB 26ms
25ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/popper.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

94b9164549fba805d07a371447577e77ca7d335fb19f9eaf978209851969cf08

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 178e2f9ab443422a8dba5a165856ed1c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-11719670560,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 611861
x-amz-cf-pop: SFO53-P1
x-amz-request-id: 81XSWX0SYGYC3WWH
content-encoding: br
edge-cache-tag: F-11719670560,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-11719670560,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: OME08B.rG6TRAJ7DDfxDoqg2ImFXjByx
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 2u3oaq2cN9yyTPjW+g35vHBESmURPmqYiIsBMYxNu60BAxYe16nMw48xrZ4nmTXnJhW8tvjg7X4=
last-modified: Tue, 30 Jul 2019 21:08:51 GMT
server: cloudflare
etag: W/"18977fcc54cc90302580895825f739ec"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eMKs3WPx9FrjEl18hZS%2FcaIyxWirtSiSTeyusHQ%2FwuDPq76QsUWvaMil7X2lfilOdy8NTcbxYZYzbmuyioe7yw5yfKpj4vG1HoSsUtjYGXL9QOpTIU9Mul1WZTVUagzs"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 859abd0d9ae979cf-SYD
x-amz-cf-id: IXhP05BuUxCuIcgNTEzPceJUd09Z0RL552sk1_IfJK_U2XyCRUz6Mw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 jquery-migrate.js Show response
www.avanan.com/hubfs/website/code/js/ 17 KB
7 KB 27ms
27ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/jquery-migrate.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

56f9c5f99829774d0b2fbdcfd9750b617127e913afa0569afef6dfa22165659e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 354f23e9beb8582926d1694663ef46d2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555716746,FD-10555648234,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 611861
x-amz-cf-pop: SFO53-P1
x-amz-request-id: 4GXPPH6CZYFPEFGC
content-encoding: br
edge-cache-tag: F-10555716746,FD-10555648234,P-1835778,FLS-ALL
cache-tag: F-10555716746,FD-10555648234,P-1835778,FLS-ALL
x-amz-version-id: O.IWEvWv.S2HIJh2gVb3UjxcZN2zO5t0
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: et4BBedO/kIuKNLpRBpRsqf8JAiv0DmW929zPkwEFR+0kuPyrkSe0HvPio98fO//nW3dkF6MsR8=
last-modified: Tue, 18 Jun 2019 07:39:43 GMT
server: cloudflare
etag: W/"e16bb3f1cf4b40a9e4de0cf7d4950cb3"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BY%2Fq9I4PeJu5JUpCQPHhypqDF%2B3i%2FSwkVI4NG6xuSqMygh%2BClCRrVYnwbGYd1jar%2Ff3CgGT8%2FZVHC32FVmfJcJj6xV0fkxAC9PTYnyNYJ9lHNcz4h1uW2XduicV5S329"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 859abd0d9af079cf-SYD
x-amz-cf-id: YaZQKgQTbj8ohs8GsZgLXg8XXtLoKM-D27CiY86fgYyW9dO9yOJ7qA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 hs.megamenu.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 22 KB
5 KB 24ms
24ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.megamenu.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3640c9e176b212640e5d1ba0e522d80ebe382b5a18fc55ae4f7be28d1b138be

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 b25dbab50c2d4b34d29539472626bfbe.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555716444,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 600378
x-amz-cf-pop: SFO53-P1
x-amz-request-id: W9N3BQ7Y8WMVXP9Q
content-encoding: br
edge-cache-tag: F-10555716444,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-10555716444,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: Tr8ZpL3KcSID6jBFr2cCd_jZ2gEqr8QS
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3oTVM0xMDQKdX/EGJKBFFc6eglFMDHTygl2ANk0nBs5XZZuuCCkPkWNzde2IEqc2Sm0tAE1e4BY=
last-modified: Tue, 18 Jun 2019 07:33:15 GMT
server: cloudflare
etag: W/"26676e58c4eb0c77a8d2c99b4bd1ad43"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eLS9vSC0uVZ5bOtriwcy6mCNxkVdQJjdRG0Hci7PVKD6C68W8CaXLzvRCMbn9kfHN2a2PKa%2BN5aDXKMQtiCcmnb3H1G0WcXwRl6GFNjypDgKTggMJ%2FjBVC7Hc6HG59X0"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 859abd0dcb2479cf-SYD
x-amz-cf-id: JZarrSeGAPyI3YTvWnYshDvpSsXOvLa5YXihYibst1AR04mjOdx-BA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 custombox.min.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 15 KB
5 KB 28ms
28ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/custombox.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd0af87d02bf88046acaf36141538c4852763b37b99ad5ea41ab6b07829818f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 1d781f2bb177b851bc1e5873375e5544.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12524627223,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 597350
x-amz-cf-pop: SFO53-P1
x-amz-request-id: W9NEWA2AD7CJZNNZ
content-encoding: br
edge-cache-tag: F-12524627223,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-12524627223,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: Tm64yWHx4y9EpRwZ0oVdBIU91wzQQVgx
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: a0XtRZt0GmZ7YMx+/GkVAWVjh8S3qjCvFe9idaG4t8yw3rHj4kej52X3SnDyx8kUNao5NqO90sE=
last-modified: Thu, 29 Aug 2019 14:19:27 GMT
server: cloudflare
etag: W/"a99f3446cf6471542e7b5103c1e0ad26"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xUWgrISWsWAw5AIBINNaXKv2mac9pnEASLPqLvWr287hEGSpNRBQzE7nw5N9mFIwCNoIhinIytNfgO2Ej0VgaXG8ilS%2BspgaL8vpG%2FjGxoH1KjEK6xUQGCSDw1QDeqff"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 859abd0dcb2979cf-SYD
x-amz-cf-id: P05iZVIgYa-kR13mwjSmOWLQ0YFxTp6kO4LubXstlKvcNt5jVdWthA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 custombox.legacy.min.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 102 KB
36 KB 35ms
35ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/custombox.legacy.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b4c6df43d8be2860c107af980f4ae9c27dea1b14e0112921c3aef511bb29b07

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 03f8f74b004ca394f25d22fb1ad4a310.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12524756578,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 611861
x-amz-cf-pop: SFO53-P1
x-amz-request-id: W9N50X21Q85BMQ8B
content-encoding: br
edge-cache-tag: F-12524756578,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-12524756578,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: CNtvX5bcEOKz8jLqkiPSkGvNd2dpptBk
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: MvZl7ZwQTsQPmEhdmhZ2S4rl+6abQD8Ib/vuuXifE5HNpGziPkhSslLgGXmrLfgkLeJYUUwX+A0=
last-modified: Thu, 29 Aug 2019 14:19:27 GMT
server: cloudflare
etag: W/"626f9c989ad909171b9c7e56dccfadd0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fbev2j9pIXsqUkplM5RCh5ngcsBHg%2FZLm2WzrDG5sFoOwctlqoOzmqNc3mHffH%2BnxGUD7fEOv%2F0GA6wvSdiyesjKYQTPkYe1CuR78oiK9Y65dX4G09NiQbvAxfkDsn9f"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 859abd0deb4f79cf-SYD
x-amz-cf-id: 7swydo2dCalgkrdOnBykb0OiKklQxwdlLd_a6271owBqtVasXG0gvg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 hs.core.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 4 KB
2 KB 36ms
33ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.core.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

87d6c8ca2c4746ba9c42bd4b56b9f8dcb23dc4f4c8a5e338039a915eddbb4cfb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 0098a8f5f88413d26cee38867e3b04e4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555648509,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 604776
x-amz-cf-pop: SFO53-P1
x-amz-request-id: W9NCXSZK6274JQ71
content-encoding: br
edge-cache-tag: F-10555648509,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-10555648509,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: t39fon58.c8wnVn0KiTmU6Cnt0f.z3k5
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 5Ushn+TFSqsFJlDVD6HazvvAwP2dLjmQW+8w1+RyL3alpU3v2zBLOVG8xy38aZNwiX0B6u/cx6M=
last-modified: Tue, 18 Jun 2019 07:35:47 GMT
server: cloudflare
etag: W/"ad96a1d08e41474de9b172376ad8f2a6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tq5vdDJvY4eFbQMJ2tutou387tGGjkCMdUF04JmBfuaUWnysCX%2Fz7iXE96qn7xPHucO49i3xYxGFPXn0TMybK2TTgOWqJhpq6rHJUp3qMRGsoliJ5j28KTJoiKU6qHiv"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 859abd0dfb5e79cf-SYD
x-amz-cf-id: xmvbtXJgB50r6j3-M9Gsu50jM1O3pF5pi1t4UzX3lALgh2PPy4QT1Q==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 hs.header.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 45 KB
6 KB 47ms
42ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.header.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

327f498e13e0a8166699d8d770f3806775c2707dd893d18f0139b84b0b9d8576

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 0b2255558ecb54fb08d741c73c717f2a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10658801982,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 604776
x-amz-cf-pop: SFO53-P1
x-amz-request-id: W9NCQ6D4CH0RR0M6
content-encoding: br
edge-cache-tag: F-10658801982,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-10658801982,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: sLoBYokxi8ZRjPnVZWHiocCdDukS9g6O
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Zi5i5lsmQvSvfEmhM2E8KdDX8mRqnpNDdNJVnsKbPVT2ohKwW6pagrFrm3AWt7V1m4KQt9sHw2mlLHjQGRkbp+A+/68R8SP1qtesaEDUWMU=
last-modified: Fri, 21 Jun 2019 15:22:17 GMT
server: cloudflare
etag: W/"da8e6062fc6df06d66405f3894ac0090"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1CD5Wr56ToG2JmAK6eg%2FsLbf8gGS82OTlHiuCMJEdpX7OyyQqK1daoQON4fsjLV44u1U58gj8yigBuwsdlYU1%2BYYuHFeJh%2BrIUJS7tT8zgJAedacnV%2Bwg%2FCkY9BdjhkU"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 859abd0e4bcb79cf-SYD
x-amz-cf-id: CJTbKTGoKiycvTQS6j8gkufrgKJSi-J0dx7_1Yvo0yqu8NFV9LmFtQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 hs.unfold.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 16 KB
4 KB 54ms
49ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.unfold.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd6aef7e70901bd5018e23bf8f366b1363e27c9263a2e058df2ca725cf81aab5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 971fa3d7843148866f45766ff6f80b40.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12349469375,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 597350
x-amz-cf-pop: SFO53-P1
x-amz-request-id: W9N1NEGCCDFDRY8J
content-encoding: br
edge-cache-tag: F-12349469375,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-12349469375,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: jtHI_y0b8Eo2FGwKdP6LEhiHSwPKnVW3
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: MoWanCYy1JOOJtEfrzW5v/Mwc22dR0p7+/Wzoryh5CbxvXCV9av2J1+8jcwBYMwZzy+EC4A4gYg=
last-modified: Thu, 22 Aug 2019 18:14:11 GMT
server: cloudflare
etag: W/"cd7294af40bf5e701ac6f8cca4a7ebcc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rB8s4f14e1L04dpFEBmo%2Fs8UrtYAh1XjpRHHvzR3iNvG45Hs7OyLVcBVxPrrFQjAW3egnWllbcK12aQkSH31xnlzQMg5ENDDBoZTkr7b%2FrwNXt5dZasADUYa2d8pa8x7"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 859abd0e4bcd79cf-SYD
x-amz-cf-id: 98tLcSuRp-XPQbktyg6kjWUuwnoVBwnMDzpwzWb_YaCnFrsp8kme4g==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 hs.slick-carousel.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 13 KB
4 KB 45ms
41ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.slick-carousel.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

081d08f71fb7a07fd5247ce2d20af91a41899fd4ee1b129c18fedf8a04b5bbae

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 9112f917b5d446937bb37b520eab286c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12709649959,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 600378
x-amz-cf-pop: SFO53-P1
x-amz-request-id: W9NA50NMN1RCNQ3R
content-encoding: br
edge-cache-tag: F-12709649959,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-12709649959,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: 47mSAiAgQ_ZLSqVaPMk.x.DaEXQJE5Q1
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: VAPf14O7UEWZK2oXZKIV6JZ5QFLPTfCQTQi5MQZ3DXVD7wLrwc8+DXarViUVmP4QNeod9mZwnBmHGt6vh3e/ZQ==
last-modified: Thu, 05 Sep 2019 14:38:09 GMT
server: cloudflare
etag: W/"333f5cba208ba8133a37ded8fbd1d4df"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1k1ivZ0WlCxlGO7F5MSxI%2B5pkb1Tvrct2ovw7AZXm4Cx%2FrX%2FvNAq%2FS58d%2F4PpA66DCbxeCz3SeMZLrA%2FGlWl8O3WIKD1pTUxgw%2FpH9tPUJlRLKgMIBM3QQfOtT1MPnZg"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 859abd0e4bce79cf-SYD
x-amz-cf-id: ypvLyFF4OwLMVIYS81MYJhh6MiTRq4SnOnNmovV0SIIzIuSLKKA4jg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 hs.modal-window.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 9 KB
3 KB 44ms
40ms Script
application/javascript 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.modal-window.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6713fb9ddf25585f97a9c877f75edbb8b2c0d0691c1402fe85c145a9098527d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 e9c14790ff63b931e8e58434b28761a0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12524633360,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 597350
x-amz-cf-pop: LAX50-P3
x-amz-request-id: W9N9GHZW8D08BYA5
content-encoding: br
edge-cache-tag: F-12524633360,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-12524633360,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: 37fiNFmrqmELkFKd5Hej0YGO_cs4_PVG
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: CZYGz9oMu31GbsFqPMk70lUtR/cNEvK+KAKXl8rURuP6myUcJ/RrxpcHctklMzdHonvCxasSHHM=
last-modified: Thu, 29 Aug 2019 14:15:34 GMT
server: cloudflare
etag: W/"e835fc393be7df8bc21680227886c2a8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tKRxUP3DRCyWW2vJaZMulb4j6QBldfJkHfGi7ui1x1jT6YGzhd6MCmDIaseYs8lWGQhkzElh9ppR18z%2FN2V57PkPesKeRBLZrd2LyRWC0A4y6J4WBP%2FmGGrYlENNp2gr"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 859abd0e4bcf79cf-SYD
x-amz-cf-id: Vzn3eL6uJ31ceGgYnlIj7NK0vkMGHeBIoYM5lWt760GylGrjm_w2aQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 312 KB
104 KB 521ms
120ms Script
application/javascript 142.250.71.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.71.72 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s17-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

dcc39642039ac0d3dbe755213191c648cbf4efe525547c4693661aa24d3587a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106020
x-xss-protection: 0
last-modified: Thu, 22 Feb 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 22 Feb 2024 22:41:47 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 424 KB
120 KB 531ms
130ms Script
application/javascript 142.250.71.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5JCRGP

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.71.72 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s17-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

119f872a3cdeba6cf0d204544fe4b9b947d21b6680c162b9c5229266ff7d69b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 122427
x-xss-protection: 0
last-modified: Thu, 22 Feb 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 22 Feb 2024 22:41:47 GMT

GET
H2 200 lftracker_v1_OKM7ZEDV9rXg2zo4.js Show response
lftracker.leadfeeder.com/ 31 KB
11 KB 14ms
3ms Script
application/javascript 13.224.181.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lftracker.leadfeeder.com/lftracker_v1_OKM7ZEDV9rXg2zo4.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.181.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-181-26.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 605ade5eddc1740b39bfc81140b42945008049c00f8971b692c913673a824524

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: OmhD1sQNxXJMhKz6Sb01CAYGYDmzrEwO
content-encoding: br
via: 1.1 23bcdd719bfa269e077f081512f9c624.cloudfront.net (CloudFront)
date: Thu, 22 Feb 2024 22:41:19 GMT
last-modified: Thu, 08 Feb 2024 07:10:21 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C2
age: 3425
x-amz-server-side-encryption: AES256
etag: W/"2fbedcab55dd41ef22810c76067d25a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: RItx1UeuUsMtFrLc5P36qIC6XhzuwSewh2WBk1tC28L07Sc_L5prNw==

GET
H2 200 css
fonts.googleapis.com/ 4 KB
798 B 101ms
100ms Stylesheet
text/css 142.250.76.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto|Montserrat

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/gradient.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.106 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f10.1e100.net

Software

ESF /

Resource Hash

90798df68ecbb59920e7c732d62d6a15b436a2726c15b9fa0d44163fc1e721a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/gradient.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 22 Feb 2024 22:41:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 22 Feb 2024 22:41:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 22 Feb 2024 22:41:47 GMT

GET
H2 200 close.svg
www.avanan.com/hubfs/jacob_redesign/page_icons/ 513 B
1 KB 268ms
267ms Image
image/svg+xml 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/jacob_redesign/page_icons/close.svg

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/template.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

24a3a9ccca4cde6a90f28a96467b83fcc8e8b02ae532b85c46d45514e98c9dc9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/template.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 ffd639fe55ad689097e5ac53454a5504.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-6129363300,FD-6106722142,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 491917
x-amz-cf-pop: SFO53-P1
x-amz-request-id: BCX8VFR214PRRMVX
content-encoding: br
edge-cache-tag: F-6129363300,FD-6106722142,P-1835778,FLS-ALL
cache-tag: F-6129363300,FD-6106722142,P-1835778,FLS-ALL
x-amz-version-id: aGBLOARAtDK9aU8eL5GIguuA_ii6l6Ic
x-cache: Miss from cloudfront
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 8c4p72K/citXX84cbudmcnbqEO/FvKT/MP9cmB6gVQBwCoL1StTEgNnIBIaMMhMsqvaIKKy8nOhFcuSMheXCgA==
last-modified: Wed, 14 Aug 2019 14:58:10 GMT
server: cloudflare
etag: W/"cad7540d366ad86e66ac89079055b4b9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=woTOIv%2BS7W9UHgxNxwcBabRGcDIW5rl6h0VmVkSmgKpP%2FU9wwPgWaHOpqu1bvD9P6Hq8FSV%2BwU1NyGgxtuiHQNBam6W%2BXuQ2yq0s9OHOuBnBqJzc61wExjEehAypMEpD"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray: 859abd0eec8679cf-SYD
x-amz-cf-id: Y0J9xUY3eD-SlOIqDqo903kK-TQ1hBMDrnKWAkk7kz-LdAjGrGqKzA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.2.0/webfonts/ 61 KB
61 KB 100ms
99ms Font
font/woff2 172.64.206.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.206.38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f

Request headers

Referer: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Origin: https://www.avanan.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1657936
alt-svc: h3=":443"; ma=86400
content-length: 62472
last-modified: Fri, 22 Sep 2023 01:45:27 GMT
server: cloudflare
etag: "b75b4bfe0d58faeced5006c785eaae23"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hDM2TSnczuSUukwoMdeP4yh889sGt1pWUmuPUYcASGL2OIJb6l5ox9kROzkOpXXUTg4W24VUCQf0zICgpDwqUTA0hsi1XS9cGcVcfKGzenyDOmCrpG1zVJ8FKXYtBvGe57X3mxfG"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 859abd0f3c066bdb-SIN

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 412ms
12ms Font
font/woff2 142.251.221.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.67 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f3.1e100.net

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 11:14:38 GMT
x-content-type-options: nosniff
age: 41229
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Feb 2025 11:14:38 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 403ms
3ms Font
font/woff2 142.251.221.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.67 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f3.1e100.net

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 23:17:14 GMT
x-content-type-options: nosniff
age: 84273
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Feb 2025 23:17:14 GMT

GET
H2 200 u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2
fonts.gstatic.com/s/cabin/v27/ 27 KB
28 KB 411ms
12ms Font
font/woff2 142.251.221.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cabin/v27/u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cabin:400,500,600,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.67 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f3.1e100.net

Software

sffe /

Resource Hash

dcb085ad0fca889c4a1b898ccc7458c5d586e5740e7b7bffe065ac6a5e247ada

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 20:51:00 GMT
x-content-type-options: nosniff
age: 525047
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28076
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:14:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Feb 2025 20:51:00 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 403ms
4ms Font
font/woff2 142.251.221.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.67 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f3.1e100.net

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 00:39:54 GMT
x-content-type-options: nosniff
age: 79313
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Feb 2025 00:39:54 GMT

GET
H2 200 Y3Xha8Lh4KbwT09JKuaSiLrM_9s3PtLTO7qVZ6tvG9Gh6Rn0717530VC6IZjkAWZeAVMAiwPTiOvY6PrApUghlzaigLdOofqmSdNk1P10-GVTkFeKum3Ry4PN-kPWSXZyKVbo15AdZRfochIWS6ttM8
lh3.googleusercontent.com/ 132 KB
132 KB 404ms
3ms Image
image/png 142.250.66.225
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/Y3Xha8Lh4KbwT09JKuaSiLrM_9s3PtLTO7qVZ6tvG9Gh6Rn0717530VC6IZjkAWZeAVMAiwPTiOvY6PrApUghlzaigLdOofqmSdNk1P10-GVTkFeKum3Ry4PN-kPWSXZyKVbo15AdZRfochIWS6ttM8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.225 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f1.1e100.net

Software

fife /

Resource Hash

2625d7bbfa42707e54c3acce1ea1ac20354f6b39f9ca0926a1d1ccc75557c921

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:20 GMT
x-content-type-options: nosniff
age: 27
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 135040
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 23 Feb 2024 22:41:20 GMT

GET
H2 200 FLr5FKGnX1dMCKianebcc8R8N3vSBhei7SHKrTWTbsJaDJDIN0TZHLC6j5_VPnSYOwRRnqgVz8uoKHVQ7vKDlVIBqiCOJ0EgsuCKcR9G8z1os2HDD2Iu6LqmSuceMxn3yeftZpIOe_gYQ_1fG6Idzfg
lh5.googleusercontent.com/ 43 KB
44 KB 405ms
3ms Image
image/png 142.250.66.225
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/FLr5FKGnX1dMCKianebcc8R8N3vSBhei7SHKrTWTbsJaDJDIN0TZHLC6j5_VPnSYOwRRnqgVz8uoKHVQ7vKDlVIBqiCOJ0EgsuCKcR9G8z1os2HDD2Iu6LqmSuceMxn3yeftZpIOe_gYQ_1fG6Idzfg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.225 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s15-in-f1.1e100.net

Software

fife /

Resource Hash

defe8bdd321daa5f879a3ce5ae929266c7f8c79b87539e2bf148291f7a5fb5f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:20 GMT
x-content-type-options: nosniff
age: 27
content-disposition: inline;filename="pasted image 0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44291
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 23 Feb 2024 22:41:20 GMT

GET
H2 200 purify.min.js Show response
cdnjs.cloudflare.com/ajax/libs/dompurify/2.4.3/ 21 KB
8 KB 12ms
11ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.4.3/purify.min.js

Requested by

Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/js/widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

265dc9381f2b760551a12eb31f4bbc194ea6609b90fd79a59fc53cb0e1210146

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 607090
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 7628
last-modified: Fri, 06 Jan 2023 14:33:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "63b83136-1dcc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bj7g8rx4tMSSAlZjFI9FrId5GRt5JunttCHi8IgqWW%2B%2FKVbHLM%2Fenasltpof9UbdTECMrvI18Au4kS8ZcMNJym2PosiDFIQrSgkdEx2JAFn8AWCOKl6hkUknENG%2FUC5DUz1%2FtDG5"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 859abd0f0e2a5739-SYD
expires: Tue, 11 Feb 2025 22:41:47 GMT

GET
H2 200 widget.css
www.gartner.com/reviews/public/Widget/css/ 155 KB
110 KB 30ms
29ms Stylesheet
text/css 104.18.34.221
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/reviews/public/Widget/css/widget.css
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/js/widget.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.34.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 7de470eb749b68a909379ee3bef2073c96c0a5f8f0df1b2f56a699cf2a4742d2

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
content-encoding: br
cf-cache-status: HIT
age: 611892
cf-polished: origSize=158367
x-powered-by: Express
server-timing: dtSInfo;desc="0", dtRpid;desc="-677075104"
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 09 Feb 2024 09:46:47 GMT
server: cloudflare
etag: W/"26a9f-18d8d432f58"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
cf-ray: 859abd0f09bca979-SYD

GET
H2 200 data Show response
www.gartner.com/reviews/public/Widget/ Frame F9CB 37 KB
15 KB 30ms
30ms Document
text/html 104.18.34.221
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/js/widget.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.34.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 93c8eb3bb26d39669934d7784b86df347db45894a88416d5d84a1ca57efe093b

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

age: 602221
alt-svc: h3=":443"; ma=86400
cache-control: private
cf-cache-status: HIT
cf-ray: 859abd0f09c1a979-SYD
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 22 Feb 2024 22:41:47 GMT
server: cloudflare
server-timing: dtSInfo;desc="0", dtRpid;desc="821085257"
vary: Accept-Encoding
x-oneagent-js-injection: true
x-powered-by: Express
x-ruxit-js-agent: true

GET
H2 200 fa-brands-400.woff2
use.fontawesome.com/releases/v5.2.0/webfonts/ 63 KB
63 KB 179ms
178ms Font
font/woff2 172.64.206.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/webfonts/fa-brands-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.206.38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589

Request headers

Referer: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Origin: https://www.avanan.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1652951
alt-svc: h3=":443"; ma=86400
content-length: 64144
last-modified: Fri, 22 Sep 2023 01:45:27 GMT
server: cloudflare
etag: "6814d0e8136d34e313623eb7129d538e"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wl4Y5sKVUAL3sKJMpa5N2VBbTbBxnSx6hLtcY%2FiGwwvROsPB1nDqV5sy0Ap4whLMaM%2FB3tYrzNhISHtxXI9EelwbMcBrzPib2EIKeHCNor6fZqS7UBXSZnSE9NyWWrhXN%2F4kEw0r"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 859abd0f6c176bdb-SIN

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 380ms
10ms Font
font/woff2 142.251.221.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.67 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f3.1e100.net

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 00:22:54 GMT
x-content-type-options: nosniff
age: 80333
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7840
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Feb 2025 00:22:54 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 382ms
13ms Font
font/woff2 142.251.221.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.67 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f3.1e100.net

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 21 Feb 2024 21:52:19 GMT
x-content-type-options: nosniff
age: 89368
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Feb 2025 21:52:19 GMT

GET
H2 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v26/ 15 KB
15 KB 379ms
11ms Font
font/woff2 142.251.221.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto|Montserrat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.67 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f3.1e100.net

Software

sffe /

Resource Hash

4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 10:53:50 GMT
x-content-type-options: nosniff
age: 42477
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14940
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:46:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Feb 2025 10:53:50 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
3 KB 586ms
96ms Script
application/x-javascript 157.240.7.26
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.7.26 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-sin6.fbcdn.net

Software

Resource Hash

5e3cdaac351e33cc529cdb65d135fd74ed31ea5bcbb487e64b61696e75aaf41b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), fullscreen=(), picture-in-picture=();report-to="permissions_policy"
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 22 Feb 2024 22:41:47 GMT
content-md5: rVH5Sg7NP2C3w2xEmJmNbA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1687
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-debug: KEA1Ecs4PYv5B7nGsdU8E//PkksvEG9C+5Npl/mtmT0o62hYjjwSAh2MabO3qj4UR/wv+LBazhHtJ/8xWbk8EA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 367a2af3d21c081a53cfc2bb9b27d498
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "9e4a00589c7cf81d80dccceff47606b3"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Thu, 22 Feb 2024 22:59:18 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 309ms
2ms Script
application/javascript 192.229.237.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.237.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nwa/E78E) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 22:41:47 GMT
Content-Encoding: gzip
Age: 1333
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (nwa/E78E)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 200 /
tr.lfeeder.com/ 43 B
294 B 316ms
306ms Image
image/gif 18.67.111.40
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.lfeeder.com/?sid=OKM7ZEDV9rXg2zo4&data=eyJnYVRyYWNraW5nSWRzIjpbXSwiZ2FNZWFzdXJlbWVudElkcyI6W10sImdhQ2xpZW50SWRzIjpbXSwiY29udGV4dCI6eyJsaWJyYXJ5Ijp7Im5hbWUiOiJsZnRyYWNrZXIiLCJ2ZXJzaW9uIjoiMi42Mi4zIn0sInBhZ2VVcmwiOiJodHRwczovL3d3dy5hdmFuYW4uY29tL2Jsb2cvdGhlLW1pY3Jvc29mdC1yZXBseS1hdHRhY2s/dXRtX2NhbXBhaWduPUNhbXBhaWduJTIwLSUyMElCLU9CJTIwUmFuc29td2FyZSUyMEFQQUMlMjAyJTJGMTMlMjAtJTIwRlkyNCZ1dG1fbWVkaXVtPWVtYWlsJl9oc21pPTI5Mzk3MjgxMiZfaHNlbmM9cDJBTnF0ei05RHV1TlZkU0N2bHlseW1PdWFUSW1uaHF2WWxta3J2bHJMeW55REdHME5CUGFoc0ZMWGVKb1ZLTkx0c0h1QVRkM20xem81aTNoYWxiZDJBempCdmxGd19wSTJEWmh3RWNXOXNRb1FjalhNTlRIYV9UZyZ1dG1fY29udGVudD0yOTM5NzI4MTImdXRtX3NvdXJjZT1oc19hdXRvbWF0aW9uIiwicGFnZVRpdGxlIjoiVGhlIE1pY3Jvc29mdCBSZXBseSBBdHRhY2siLCJyZWZlcnJlciI6IiJ9LCJldmVudCI6InRyYWNraW5nLWV2ZW50IiwiY2xpZW50RXZlbnRJZCI6IjQ4OTJhY2E3NTJjYjBmYTciLCJzY3JpcHRJZCI6Ik9LTTdaRURWOXJYZzJ6bzQiLCJjb29raWVzRW5hYmxlZCI6dHJ1ZSwiY29uc2VudExldmVsIjoibm9uZSIsImFub255bWl6ZUlwIjp0cnVlLCJsZkNsaWVudElkIjoiTEYxLjEuZmY5NjAyMmY1YmQyNTdiMS4xNzA4NjQxNzA3Mzk0IiwiZm9yZWlnbkNvb2tpZXMiOltdLCJwcm9wZXJ0aWVzIjp7fSwiYXV0b1RyYWNraW5nRW5hYmxlZCI6dHJ1ZSwiYXV0b1RyYWNraW5nTW9kZSI6Im9uX3NjcmlwdF9sb2FkIn0=
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.111.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-111-40.syd62.r.cloudfront.net
Software: CloudFront /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
via: 1.1 f993a09ee51fef62e3d92f6802c130d4.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: SYD62-P2
x-cache: LambdaGeneratedResponse from cloudfront
content-type: image/gif
content-length: 43
x-amz-cf-id: YuxEKXLi0A0jArFNEtkauI7joCj5kaDi8zO1-TFizGhDJr0F0QLDhw==

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/1835778/ 69 KB
23 KB 320ms
10ms Script
text/javascript 172.64.153.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/1835778/banner.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.27 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 450e19b5476bc3139c1fcd08e628452998b5b36d2f52528cc2ecab3b6c5a88d1

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
x-amz-version-id: sq2bhfj3tKaJUQrTJt0mP47bMlvaH8f.
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: JKQXWGHMQH75VSV9
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 307070de-9642-45ca-8eda-586f9a13c852
age: 27
x-envoy-upstream-service-time: 33
x-amz-id-2: E91W87sQQR1xTL+BP7UEtp6R5LJpKFFOUa2e+y0pVNKg3r+u8u35s/Y9iSqYxcfDDA0ozL324Li7BMytcJcYQGdcTLZ4nas3gXyZgXQYEZY=
x-evy-trace-listener: listener_https
x-request-id: 307070de-9642-45ca-8eda-586f9a13c852
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 15 Feb 2024 16:31:41 GMT
server: cloudflare
etag: W/"6299b7480f8e973bc99888efdc0652b1"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.avanan.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8555f56d-rk9w9
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 859abd11496b5527-SYD
expires: Thu, 22 Feb 2024 22:46:20 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 320ms
11ms Script
application/javascript 104.17.229.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.229.163 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7b88f6ac1ab16f64fbef6c112cf90ec87b9ec392707cc68a0c24f4d79cab007

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
x-amz-version-id: xJ6gA7_aHqA2aBho2L24oFgDKE0QVk9F
via: 1.1 c3d335addde48969fafe25d4064cee80.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 578
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.526/bundles/pixels-release.js&cfRay=859aaef1cce0a898-SYD
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 8e3af2f9-bf18-4ae4-82ff-b95f0b657817
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8e3af2f9-bf18-4ae4-82ff-b95f0b657817
last-modified: Thu, 22 Feb 2024 18:18:35 UTC
server: cloudflare
etag: W/"e837f14dd4a646ee7c5997e3ab75b53c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-576f9d768-mdmps
cf-ray: 859abd114969571b-SYD
x-amz-cf-id: wHEK2KaegglM-mVBzvpayCKCY28B4udCgPY4QxWVrdsHiQgN6VcQlA==
x-hs-target-asset: adsscriptloaderstatic/static-1.526/bundles/pixels-release.js

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
88 KB 321ms
11ms Script
application/javascript 104.18.122.12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.122.12 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0eb564e8b104002217b23d191c384d64d77b30fa37b0f124db645e16096cfd3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Origin: https://www.avanan.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-encoding: br
age: 74746
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1313/bundle/main/lead-flows-release.js&cfRay=85939c332ae7556f-SYD
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"2a6dc24f5ac6c8a7eefaadde95ff2129"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1313/bundle/main/lead-flows-release.js
date: Thu, 22 Feb 2024 22:41:47 GMT
x-amz-version-id: ukHk26vS_rf4a6X6Ik2.9R2qKIwOxT4G
via: 1.1 2a3aa853116c0a37d6c7762eca54d208.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 5aa051ee-7109-430f-92fb-ee2b085490ad
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 9
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5aa051ee-7109-430f-92fb-ee2b085490ad
last-modified: Tue, 06 Feb 2024 10:46:39 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-748b697-xbcdx
cf-ray: 859abd1249a1aae3-SYD
x-amz-cf-id: ArLfDETSobOXt8dacV4CP8uxTiTDt911ATsw-KbpB4BRFgT00CspdQ==

GET
H2 200 1835778.js Show response
js.hs-analytics.net/analytics/1708641600000/ 66 KB
21 KB 325ms
15ms Script
text/javascript 104.16.78.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1708641600000/1835778.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.78.186 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25cbb25cc5350aa8e6257af038a80a00505335ac9448dab989aa4ec34db00bc0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:48 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: RA3Z15QJ35AZAMPR
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 8fcc9e01-2e17-4ce3-9dcf-f77b9149d39d
age: 27
x-envoy-upstream-service-time: 39
x-amz-id-2: okEjIAXzet+6dNSFd2kEXcJ8HrDqbPJMZYQ14Hg1yQniwqr7tULYK6wm/GLEFGlj1MAqMULl0Pg=
x-evy-trace-listener: listener_https
x-request-id: 8fcc9e01-2e17-4ce3-9dcf-f77b9149d39d
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 15 Feb 2024 16:31:40 GMT
server: cloudflare
etag: W/"518b5cc2d2cd93dc22fa2cabed110368"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8555f56d-phrfm
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 859abd131aa6aae3-SYD
expires: Thu, 22 Feb 2024 22:46:21 GMT

GET
H2 200 ruxitagentjs_A2NVfhjqru_10271230629152232.js Show response
www.gartner.com/ Frame F9CB 158 KB
63 KB 30ms
29ms Script
text/javascript 104.18.34.221
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/ruxitagentjs_A2NVfhjqru_10271230629152232.js
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.34.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd9a35f5f9c1d5cf113f589c9e65acd08a98fea0ed44b28ddca8b5490806f8d3

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 03 Mar 2010 07:01:40 GMT
server: cloudflare
age: 597857
cf-polished: origSize=161696
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=31536000, immutable
cf-ray: 859abd0f8a37a979-SYD
alt-svc: h3=":443"; ma=86400
expires: Sun, 09 Feb 2025 02:05:44 GMT

GET
H2 200 data.js Show response
www.gartner.com/reviews/public/Widget/js/ Frame F9CB 2 KB
918 B 23ms
22ms Script
application/javascript 104.18.34.221
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/reviews/public/Widget/js/data.js
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.34.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 2ece63665d1c156d538ab3ab54b1239af56ceaa6d199d26580c877fefea8688d

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 09 Feb 2024 09:41:33 GMT
server: cloudflare
age: 597782
etag: W/"6d4-18d8d3e64c8"
x-powered-by: Express
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
server-timing: dtSInfo;desc="0", dtRpid;desc="-927377867"
cf-ray: 859abd0f8a35a979-SYD
alt-svc: h3=":443"; ma=86400

GET
H2 200 api Show response
www.gartner.com/reviews/ Frame F9CB 6 KB
2 KB 316ms
316ms XHR
application/json 104.18.34.221
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/reviews/api?apiKey=ZTU3MThjMWEtOTc1ZS00YzgwLWIzZGEtNDg0ODlkMDc0ODRk&paramsKey=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/js/data.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.34.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 9f23b284e0eb665f61e76b6d0a3c8216f430288697e89ff45bf3ef1a2f48a7b9

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
etag: W/"1742-NYSdqPEnTmvwlRjYHo+xGz5U0ac:dtagent10271230629152232uJ2N:dtagent10271230629152232uJ2N"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: private
server-timing: dtSInfo;desc="0", dtRpid;desc="405037954"
cf-ray: 859abd0faa5ba979-SYD
alt-svc: h3=":443"; ma=86400

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
764 B 241ms
240ms Script
text/plain 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=1835778&callback=jsonpHandler

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0d7a033f-69ed-463c-bdbb-422cd935e200
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=859abd113c36dfb3&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 0d7a033f-69ed-463c-bdbb-422cd935e200
server: cloudflare
x-trace: 2BFA748486C0E887A94C4AE5A8915A6BB8DCEA4410000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-576f9d768-4p57r
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 859abd113c36dfb3-SYD

GET
H2 200 postlisting Show response
www.avanan.com/_hcms/ 6 KB
2 KB 320ms
320ms XHR
application/json 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/_hcms/postlisting?blogId=4153530738&maxLinks=6&listingType=recent&orderByViews=false&hs-expires=1739791988&hs-version=2&hs-signature=AJ2IBuF6ueplfnWtsAJ0WIYMN0p8Gt92tA&currentUrl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d864aaf8c3bbd62ae3be25f19d2fc1e6eb5218f6e7e251dc7a23fdc8c9648d4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a5995bbc-ac76-4c07-a8b9-42d6631b6745
content-encoding: br
x-envoy-upstream-service-time: 19
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a5995bbc-ac76-4c07-a8b9-42d6631b6745
last-modified: Thu, 22 Feb 2024 22:41:47 GMT
server: cloudflare
x-trace: 2B5424DBC081CA1A3A8B02064002A65233B862952E000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jRr%2BVomiRnhQG4DD%2BgPGJd373mEp4QPya9L9gm9WZmbR20UBeB1PyEj74YYquYQZC20PVU1a9MkBr9Mq6y6mKgjwqSaHyurD4IBz%2Fbo2ljFxg9fcZcDW%2FqSqFSQQh8RB"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-20-29-td/envoy-proxy-85ffd96848-x6hnp
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 859abd105def79cf-SYD
x-robots-tag: none

GET
H2 200 postlisting Show response
www.avanan.com/_hcms/ 7 KB
2 KB 327ms
327ms XHR
application/json 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/_hcms/postlisting?blogId=4153530738&maxLinks=6&listingType=popular_all_time&orderByViews=true&hs-expires=1739791988&hs-version=2&hs-signature=AJ2IBuGC57byaWJp_KhLHEcBmo4X3t5I2Q&currentUrl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dad13fc8c9cbaf0489bcbf38bdf2fa7ed610b9ec06a53b9052636fdf56d57435

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0cd4d0b9-24fd-4ddd-9e66-f2dd650769c4
content-encoding: br
x-envoy-upstream-service-time: 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0cd4d0b9-24fd-4ddd-9e66-f2dd650769c4
last-modified: Thu, 22 Feb 2024 22:41:47 GMT
server: cloudflare
x-trace: 2B68D31F14C5C349786A472E75F64EA3D784844261000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yLe9%2BAEsGfIaAbanIZQeExiHGnnG9UaN8Xoj1d8eQGEqd8RllKG5dU0FGs3tSADOjfRAjl0gIUQuYDDBNWGBq%2FB2gsVEZPHp3Szexc6k%2FufThO29SuP0xAPnUOSJ0Bgs"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-20-29-td/envoy-proxy-85ffd96848-x6hnp
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 859abd106df079cf-SYD
x-robots-tag: none

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 4 KB
3 KB 272ms
272ms XHR
application/json 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&pageId=106960374431&pid=1835778&sv=cta-embed-js-static-1.258&utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&rdy=1&cos=1&df=t&pg=c953fa87-efa0-494e-9947-98ffe764fcd8

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7a1550feb7e44d73ddb4614ece52c21bb3794b1f75fba973d238a0a9c1ae10d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-origin-hublet: na1
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8ae87a4a-de1f-4e73-a550-65c35dec9399
content-encoding: br
x-envoy-upstream-service-time: 36
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8ae87a4a-de1f-4e73-a550-65c35dec9399
server: cloudflare
x-trace: 2B894473FA3FC1CF7A8399CF3CB7A89BC095C49E9F000000000000000000
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.avanan.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-8vflb
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ERPQBavuGhQOZtelzP5VHBh6z8s%2Fc6%2BQd4owzFDbtW%2ByySo6%2B1SkuryBrqxQ6txwVjRZKhciqbE14L2KhKs3rInGE4qyLt%2F1wwaEG5H1Wnk6qaW4P6apizpzS1tRT48DpBYC1gI6g%2BAQTNTxyog%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 859abd106b78dfb3-SYD

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html Show response
platform.twitter.com/widgets/ Frame 74C0 319 KB
104 KB 2ms
2ms Document
text/html 192.229.237.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.avanan.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.237.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nwa/E78F) /
Resource Hash: 70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 6326412
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Thu, 22 Feb 2024 22:41:47 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nwa/E78F)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 74C0 870 B
661 B 584ms
291ms Fetch
application/json 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=c3646cfee0de11a31cad6cca0e0dd163f49dc23d

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.avanan.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_r /

Resource Hash

8ec44a4b321f5115d8760f193298585d8b28a26dd3190d0a3690b9e09a489a94

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-response-time: 146
date: Thu, 22 Feb 2024 22:41:47 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Thu, 22 Feb 2024 22:41:48 GMT
server: tsa_r
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 272793af6e34c647
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7469935968
x-connection-hash: 4e0e09940e4810eacd9d14983e6938fbc9bfb2d26b08cd9ffaf43e66bf4689c4
content-length: 338

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 113 B
1 KB 578ms
269ms XHR
application/json 104.17.203.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=1835778

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.203.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

626e534b9a811f60a8aa88e463a0ffa75ea4d8ba7510ed6a15c267becf680394

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: aafbb1df-8cfd-40c7-8c30-dea0d8683570
content-encoding: br
x-envoy-upstream-service-time: 4
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: aafbb1df-8cfd-40c7-8c30-dea0d8683570
server: cloudflare
x-trace: 2B7EF0BB8BD44AB26CB60798E81B84DEC9FF50CDB0000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.avanan.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-59d6fb747d-9hzz2
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x2MoIE%2BVr7AGZUOWO5AVHk6r1F8JD4th%2FIlR2THcN1SPiUXa%2B%2FcGsESEYI929AgABzD4YS3TG15HTfPmgl%2BQlosrz3NOGsY%2BHUSC1YdITaci7pDgeJNpt9%2BNQKRThK5F"}],"group":"cf-nel","max_age":604800}
cf-ray: 859abd139c72a7ed-SYD
access-control-allow-headers: *

GET
H2 200 logo-bubble-white-bg-2x-min.png
reviews.static.gartner.com/public/Widget/img/ 2 KB
2 KB 14ms
13ms Image
image/png 104.18.34.221
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reviews.static.gartner.com/public/Widget/img/logo-bubble-white-bg-2x-min.png
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/css/widget.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.34.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: b59a0404929cf4a3ad1cbd9c2ffaaff3f8c2e838a70867c1de2dfddc5a2b2f91

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.gartner.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
cf-cache-status: HIT
age: 602385
x-powered-by: Express
server-timing: dtSInfo;desc="0", dtRpid;desc="-609372457"
alt-svc: h3=":443"; ma=86400
content-length: 2339
last-modified: Fri, 09 Feb 2024 09:41:33 GMT
server: cloudflare
etag: W/"923-18d8d3e64c8"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 859abd11dd14a979-SYD
expires: Fri, 23 Feb 2024 22:41:47 GMT

GET
H2 200 stars.png
reviews.static.gartner.com/public/Widget/img/ 1 KB
1 KB 27ms
26ms Image
image/png 104.18.34.221
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reviews.static.gartner.com/public/Widget/img/stars.png
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/css/widget.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.34.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 22cecf5526a9a6a3c3d49dea18b28fd902a5a2bec155a04a7c21bb654b9ec0c9

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.gartner.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
cf-cache-status: HIT
age: 602385
x-powered-by: Express
server-timing: dtSInfo;desc="0", dtRpid;desc="1784002855"
alt-svc: h3=":443"; ma=86400
content-length: 1269
last-modified: Fri, 09 Feb 2024 09:41:33 GMT
server: cloudflare
etag: W/"4f5-18d8d3e64c8"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 859abd11dd17a979-SYD
expires: Fri, 23 Feb 2024 22:41:47 GMT

GET
H2 200 chevron-right.png
reviews.static.gartner.com/public/Widget/img/ 217 B
373 B 16ms
16ms Image
image/png 104.18.34.221
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reviews.static.gartner.com/public/Widget/img/chevron-right.png
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/css/widget.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.34.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f75e7361bbcda225d800dd06644f99253ae2cf5ab6a0e47ff7967474e7afb4a6

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.gartner.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:47 GMT
cf-cache-status: HIT
age: 597761
x-powered-by: Express
server-timing: dtSInfo;desc="0", dtRpid;desc="1930170606"
alt-svc: h3=":443"; ma=86400
content-length: 217
last-modified: Fri, 09 Feb 2024 09:41:33 GMT
server: cloudflare
etag: W/"d9-18d8d3e64c8"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 859abd11dd1aa979-SYD
expires: Fri, 23 Feb 2024 22:41:47 GMT

GET
DATA 200
OK truncated
/ 36 KB
36 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a2f15820ffe7ec552c256f18b8cd6485618d23a5648f535992e5c6928a542b7

Request headers

Referer
Origin: https://www.avanan.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Type: font/woff2

GET
H2 200 cta-loaded.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 0
605 B 237ms
236ms Script
application/javascript 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-loaded.js?pid=1835778&pg=c953fa87-efa0-494e-9947-98ffe764fcd8&lt=1708641707359&dt=1708641707360&at=1708641707855&an=1

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-origin-hublet: na1
date: Thu, 22 Feb 2024 22:41:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: df4e0ca8-91a0-41d6-abb1-80dd32087f4a
x-envoy-upstream-service-time: 3
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: df4e0ca8-91a0-41d6-abb1-80dd32087f4a
last-modified: Thu, 22 Feb 2024 22:41:48 GMT
server: cloudflare
x-trace: 2BC1B028DDC26DC7C73D312CCAB3E165405DE55D3E000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ju%2FCBPCIjZB6QdkpbJFVhPseQz1h3IZ%2FMQRGM8Rm9aTMOPdnSSP%2Feu2nqSqnM5H5CC2iJQqri76znfwEIHdYsJioKzJ%2FtSP6MDV60h%2Bss6I%2FHa1E9rjSkNRMn7paLKSrfdgiknNMJ3E9Og9qyX0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-8vflb
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-robots-tag: noindex, follow
cf-ray: 859abd121cc7dfb3-SYD

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 541ms
230ms Image
image/gif 104.18.192.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.192.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 22:41:48 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: f6062268-f282-447e-afa6-439da480e69c
x-envoy-upstream-service-time: 3
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f6062268-f282-447e-afa6-439da480e69c
Last-Modified: Thu, 22 Feb 2024 22:41:48 GMT
Server: cloudflare
X-Trace: 2BFD9F29E7089D80F2C186E12FB4E60A080BB2DA0D000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-whsvb
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 859abd140ba1a967-SYD

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 551ms
241ms Image
image/gif 104.18.192.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.192.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 22:41:48 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 855d454e-af0e-4237-b65f-93a789d66dae
x-envoy-upstream-service-time: 3
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 855d454e-af0e-4237-b65f-93a789d66dae
Last-Modified: Thu, 22 Feb 2024 22:41:48 GMT
Server: cloudflare
X-Trace: 2BC58424CB7AF3889CE177D82017218DD7216C3486000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-r4fkb
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 859abd140db9aae9-SYD

GET
H2 200 4-Reasons-Microsoft-Safe-Links-Make-Office-365-Less-Safe-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 13 KB
14 KB 31ms
28ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/4-Reasons-Microsoft-Safe-Links-Make-Office-365-Less-Safe-Featured.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4212a717b8d61a5ee679e86faef6b912c275aac5508f97350dac01bede075100

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-11280554758,FD-11279853394,P-1835778,FLS-ALL
age: 604773
x-amz-request-id: N85GC33EGMYBWTD5
edge-cache-tag: F-11280554758,FD-11279853394,P-1835778,FLS-ALL
content-disposition: inline; filename="4-Reasons-Microsoft-Safe-Links-Make-Office-365-Less-Safe-Featured.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "477b6391512f284fdb1b9be9e024d97f"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 1d781f2bb177b851bc1e5873375e5544.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ydaMoVEI3EqauKaA9V2_DbfLmkZ4PelZ
x-amz-cf-pop: SFO53-P1
cf-polished: origFmt=png, origSize=14729
x-cache: RefreshHit from cloudfront
cache-tag: F-11280554758,FD-11279853394,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 13698
x-amz-id-2: 8ZqfK8VcRz+SR63stXNsbbwiQEjdsoxUgXreEZ2QwK9UcIO7qBcN5ZN0E2dTH/rwGcK79MUlo9A=
last-modified: Mon, 15 Jul 2019 15:27:08 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T8o3TAtQ5HgEsDP8HY8Vl5DN0pKSXte5EpP8whd25WfW4APJ33x7tumxj%2BvbzbrCbpEws5f2Bh430YOldo9Sze7YCwlNPKEAJUWdciCXBg17v5fI0LS0kirhRd7fuymK"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd127f5b79cf-SYD
x-amz-cf-id: 4C7VULYQTKeNLkIbNPe77VZVBV0tBbAiahB5xWvdkB7Lnc-e3YF26g==

GET
H2 200 Watch-Out-for-HTML-Attachments-the-Latest-Phishing-Trend-Targeting-Office-365-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 6 KB
7 KB 31ms
28ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/Watch-Out-for-HTML-Attachments-the-Latest-Phishing-Trend-Targeting-Office-365-Featured.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

634cd6856c830752abf4b33133617045f344d5713d8fa567269172ed76d1cac3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-11279853502,FD-11279853394,P-1835778,FLS-ALL
age: 604773
x-amz-request-id: 39JJ8QMWQ7C0C7NH
edge-cache-tag: F-11279853502,FD-11279853394,P-1835778,FLS-ALL
content-disposition: inline; filename="Watch-Out-for-HTML-Attachments-the-Latest-Phishing-Trend-Targeting-Office-365-Featured.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "8125afc7f8e4f6afcb3215c0f0838e9f"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 f21e2ffc4473de4703e807b6f2df3d0e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: yOBXxHcQhK5AkB0oyxYBslCmMPyxVN5L
x-amz-cf-pop: SFO53-P1
cf-polished: origFmt=png, origSize=7014
x-cache: RefreshHit from cloudfront
cache-tag: F-11279853502,FD-11279853394,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 5920
x-amz-id-2: o/ajsXCw0NTZj5tl1iGDolO3GbrBmz05H7G69+4IgPKG1SyZwmBI5swQn+mfQ4uBCV38MherIa07mnUH5zqBc7ikKQ6KKvidv/ATFkwz634=
last-modified: Mon, 15 Jul 2019 15:09:16 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cDR6B%2F3oVTzYL5jl7iFaLmafnjQfFKp%2BZm0pdsJQKYitqdwJ7ju7sNNjzXYMrCwTC40QKgQNWSKsvsAGNdkAtSQRVWvUEDaZXMsOf%2Bih%2FwCoRZKWN%2BtvYNQvfC%2F0zC%2Bl"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd127f5c79cf-SYD
x-amz-cf-id: nVe0qTVJFGeSOPFyOCdwUdGWzPlpAK5FExshqSoBX_mNMMed4w05RQ==

GET
H2 200 Mimecast-vs-Proofpoint-Why-They-Cant-Secure-Office-365-and-Gmail-Part-1-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 10 KB
11 KB 34ms
32ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/Mimecast-vs-Proofpoint-Why-They-Cant-Secure-Office-365-and-Gmail-Part-1-Featured.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

54ff1ebf4247ecd1fdefdd027b695c8eca043b8987861f9edd37fee6ccceb2ef

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-11280371673,FD-11279853394,P-1835778,FLS-ALL
age: 600377
x-amz-request-id: 8GWD4VG1SBBRHEBF
edge-cache-tag: F-11280371673,FD-11279853394,P-1835778,FLS-ALL
content-disposition: inline; filename="Mimecast-vs-Proofpoint-Why-They-Cant-Secure-Office-365-and-Gmail-Part-1-Featured.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "b6aafb5047af62538589406b53694ac6"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 f21e2ffc4473de4703e807b6f2df3d0e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: N_MnPa4GyRrx42wIuC2oH5cUB01QyWa3
x-amz-cf-pop: SFO53-P1
cf-polished: origFmt=png, origSize=12541
x-cache: RefreshHit from cloudfront
cache-tag: F-11280371673,FD-11279853394,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 10722
x-amz-id-2: vnwu3tdjc0Xz/MZ9DlytsF+6dCByXMUR324pVtB2soib4OstlJ7bjvbq+yiwfndGmwSGzyJzRaE=
last-modified: Mon, 15 Jul 2019 15:29:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LkjuY7G80Nx6tj6IRoHkmO0JlVYyR08Ne%2FHkj94qz0lBIHLtxx3be1PVOS0Pf0XZo7hDsMaJnKv9TNNGfD6HvzO5lzMrSP4G3BKdUMjMGBotIblFakHds6Wo0KBMPbgl"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd127f5e79cf-SYD
x-amz-cf-id: I6l5Tg60Xhs_h7Zr2ai3lMeZhh2aqV4tqv98rCcITavZX4G7CDjijg==

GET
H2 200 Why-Multi-Factor-Authentication-Isnt-Foolproof-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 10 KB
11 KB 32ms
30ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/Why-Multi-Factor-Authentication-Isnt-Foolproof-Featured.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

46891f1a0d9fc55b4650e10dbdc598a5269f19fdbd69305f8b8d1cd360b49f8d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-11288678777,FD-11279853394,P-1835778,FLS-ALL
age: 421016
x-amz-request-id: QQF74YE2XJQ5A035
edge-cache-tag: F-11288678777,FD-11279853394,P-1835778,FLS-ALL
content-disposition: inline; filename="Why-Multi-Factor-Authentication-Isnt-Foolproof-Featured.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "bca56f3cf898c1b6593fb7ed155d1c49"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 178e2f9ab443422a8dba5a165856ed1c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: FviQOCsHbLeXzaUcA2EbVpPC3vT_wGWu
x-amz-cf-pop: SFO53-P1
cf-polished: origFmt=png, origSize=11848
x-cache: RefreshHit from cloudfront
cache-tag: F-11288678777,FD-11279853394,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 10258
x-amz-id-2: UYS8RSOP8mtyhWTqybwE+Ae9NkKfepn0mtPnfPjaUOoXfDONJ/u6N0E+Q/p77yQinn973oQwHjk=
last-modified: Mon, 15 Jul 2019 19:24:10 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ivx%2BUZGhPjLJ0wehBsq%2F2IawAqyRJY6WRqlah9qnM63pBxj%2B62eo50mdQUdFXclI%2F0pl9L07Pw%2FIYbdBWxxcVQtxh8xI3dcItt5G7RRI7DvE%2FxtaHsDhil7LCZtv9PV%2F"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd127f6079cf-SYD
x-amz-cf-id: 1I_dAtTIlMenJiMzPUuNFZl0qKbzjc1VdiTsRQQ6-OJxWYk6QFj6AQ==

GET
H2 200 baseStriker-Office-365-Security-Fails-To-Secure-100-Million-Email-Users-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 5 KB
6 KB 38ms
37ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/baseStriker-Office-365-Security-Fails-To-Secure-100-Million-Email-Users-Featured.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fbecdde63cefbeb511fc193ff653cf649ce9a2a9a120316d40f20b809afb647

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-11280371233,FD-11279853394,P-1835778,FLS-ALL
age: 600377
x-amz-request-id: N85R52G2Q40K5637
edge-cache-tag: F-11280371233,FD-11279853394,P-1835778,FLS-ALL
content-disposition: inline; filename="baseStriker-Office-365-Security-Fails-To-Secure-100-Million-Email-Users-Featured.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "fc3f83b4e407e381c43aab80d24ea1d4"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 971cad87e8cdac9c4a5f2f575e735184.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: G5ELs3jKBLJmOK8DWOt6WhtX3JSMSxSz
x-amz-cf-pop: SFO53-P1
cf-polished: origFmt=png, origSize=7128
x-cache: RefreshHit from cloudfront
cache-tag: F-11280371233,FD-11279853394,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 5408
x-amz-id-2: 1WxTrEwomIzScEsYtb4ZF1aXLMPcOroY8+9KeQwOaKX7BB5vR63AdSOeGz51qMvrhP62MrtSGpg=
last-modified: Mon, 15 Jul 2019 15:25:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SLkJbvu0LVX%2FHOauGBWjtFTxZX0Bsyqbv8QEg0CmKSV%2BMK7t0Rq3ek6A02c%2Bpqh%2F7oEC1715S7JJslPVAOtvmLnGoGBtXHNwcraJvfaiE%2Fe69MUBwaJ00%2BaP1Q5LEo47"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd127f6179cf-SYD
x-amz-cf-id: JGEPwXNaNYmYtNjPWlYsByIXpCq4VvemwkxXzmJE-HQUwNgMnB4jZA==

GET
H2 200 Widespread-Attack-on-Office-365-Corporate-Users-with-Zero-day-Ransomware-Virus-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 8 KB
9 KB 35ms
33ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/Widespread-Attack-on-Office-365-Corporate-Users-with-Zero-day-Ransomware-Virus-Featured.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f268614e7be44fc18dbfa5350bfeea8539258da4830ef728c56e05bf62f46b57

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-11280052410,FD-11279853394,P-1835778,FLS-ALL
age: 611859
x-amz-request-id: N85YWNM8AWY8M8KH
edge-cache-tag: F-11280052410,FD-11279853394,P-1835778,FLS-ALL
content-disposition: inline; filename="Widespread-Attack-on-Office-365-Corporate-Users-with-Zero-day-Ransomware-Virus-Featured.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "548590285b53aff019e25f9f13cb06ea"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 f94332f6513a4c7b3f2217e6b2ddc08c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 2lJpL73VoPYJGYmEK4csso3aWzFV5e03
x-amz-cf-pop: HIO52-P2
cf-polished: origFmt=png, origSize=9877
x-cache: RefreshHit from cloudfront
cache-tag: F-11280052410,FD-11279853394,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 8328
x-amz-id-2: F9PFOlHr7KZIUTY0FxsshEBcO9YARRflXpblKfQVSeaIXO9ebYVi02SWSucajfB3uiRZc3CSH2g=
last-modified: Mon, 15 Jul 2019 15:28:27 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WHSLvQ56H%2FvRljvpbkA%2BphuLv3QGRuj%2Fw3%2BzqAzGpaHwohiWSVptkrGcWknELAbQ8d5x9iG4LW%2FiwxtHzQvkHeOkiPubYcmPAUb6eDBTLpXB3M3F2k26akNZBI%2FR%2BXD4"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd127f6379cf-SYD
x-amz-cf-id: BgrJ-dCUZyfzFxaaFuqH3pjKmO2KoaSsfQVfsWx6T3zhQ_93uymj2w==

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 300 KB
86 KB 582ms
94ms Script
application/x-javascript 157.240.7.26
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=a7566c38155f2070733abdba3ade3294

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.7.26 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-sin6.fbcdn.net

Software

Resource Hash

7b13825f4daba8d0a18692693b4090e5843c200b0bbcc03821a8e4dca3d25cc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Origin: https://www.avanan.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), fullscreen=(), picture-in-picture=();report-to="permissions_policy"
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 22 Feb 2024 22:41:48 GMT
content-md5: Eur93MzM2Un4quqVNT6muQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86654
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-debug: 9I/VRxFa3sNrnuv8DPs1AQY4T6nB2zgzk9U6vujRpBZ+pQbwpJvQ3wsNqIog++YiyZxrBsovj6s8KQaAMp/dvg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: a6331ff11f5bfca8742baa091eac8197
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "c183cbafc2766b439a8c08601c6f7f9f"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Fri, 21 Feb 2025 20:38:25 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 328ms
19ms Script
application/javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5be2dfa172d505acb197760b55c4731347cc239a7a046013c251948bb8214dbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Feb 2024 22:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: jEXNH7qItSS8Y+G7eM2k2w==
age: 7321
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6841
x-ms-lease-status: unlocked
last-modified: Wed, 21 Feb 2024 19:21:22 GMT
server: cloudflare
etag: 0x8DC33124A3175B0
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 5cf5fd61-301e-0046-343c-650d04000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 859abd15293e5c0f-SYD

GET
H/1.1 200
OK button.856debeac157d9669cf51e73a08fbc93.js Show response
platform.twitter.com/js/ 8 KB
3 KB 2ms
2ms Script
application/javascript 192.229.237.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.856debeac157d9669cf51e73a08fbc93.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.237.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nwa/E78E) /
Resource Hash: 426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 22:41:48 GMT
Content-Encoding: gzip
Age: 6326393
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2620
Last-Modified: Mon, 11 Dec 2023 17:19:47 GMT
Server: ECS (nwa/E78E)
Etag: "fdf02dd038ed38dbf3c240d56262af0c+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK tweet_button.2f70fb173b9000da126c79afe2098f02.en.html Show response
platform.twitter.com/widgets/ Frame 4A91 33 KB
13 KB 4ms
2ms Document
text/html 192.229.237.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.237.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nwa/E78E) /
Resource Hash: 320f88c7a9672864d92d9369cde081ba7c6e9a27cd0592755b011be432373882

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 6326392
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 12332
Content-Type: text/html; charset=utf-8
Date: Thu, 22 Feb 2024 22:41:48 GMT
Etag: "e29e65db7bf0a096587728e1faacfd9c+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:48 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nwa/E78E)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2f70fb173b9000da126c79afe2098f02.en.html Show response
platform.twitter.com/widgets/ Frame 3B17 33 KB
13 KB 4ms
2ms Document
text/html 192.229.237.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.237.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (nwa/E78E) /
Resource Hash: 320f88c7a9672864d92d9369cde081ba7c6e9a27cd0592755b011be432373882

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 6326392
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 12332
Content-Type: text/html; charset=utf-8
Date: Thu, 22 Feb 2024 22:41:48 GMT
Etag: "e29e65db7bf0a096587728e1faacfd9c+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:48 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (nwa/E78E)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
105 B 293ms
292ms Image
image/gif 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22AvananSecurity%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1708641708360%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=c3646cfee0de11a31cad6cca0e0dd163f49dc23d

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_r /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-response-time: 147
date: Thu, 22 Feb 2024 22:41:47 GMT
strict-transport-security: max-age=631138519
last-modified: Thu, 22 Feb 2024 22:41:48 GMT
server: tsa_r
vary: Origin
content-type: image/gif
x-transaction-id: 0564ae20d3ab35fa
cache-control: must-revalidate, max-age=600
perf: 7469935968
x-connection-hash: 4e0e09940e4810eacd9d14983e6938fbc9bfb2d26b08cd9ffaf43e66bf4689c4
content-length: 43

GET
H2 200 52127f8b-58c8-43a1-aff0-3c29a26e76d8-test.json Show response
cdn.cookielaw.org/consent/52127f8b-58c8-43a1-aff0-3c29a26e76d8-test/ 5 KB
2 KB 590ms
283ms XHR
application/x-javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/52127f8b-58c8-43a1-aff0-3c29a26e76d8-test/52127f8b-58c8-43a1-aff0-3c29a26e76d8-test.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2f85bc03d72fdd58ac7fb2cb580914b4679bcf8c99533ba20743ee73d0e28ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Feb 2024 22:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: zW+nmlOpfOHASPspd29pVQ==
content-length: 1806
x-ms-lease-status: unlocked
last-modified: Wed, 27 Sep 2023 17:33:01 GMT
server: cloudflare
etag: 0x8DBBF7FCC4B93BF
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 44ae3077-d01e-0095-58e0-65d136000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 859abd173c89a80d-SYD

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 45 KB
16 KB 326ms
2ms Script
application/javascript 104.99.59.34
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.99.59.34 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-99-59-34.deploy.static.akamaitechnologies.com

Software

Resource Hash

e9841d9258210b13f0870a80d02ce8f3224c8798d1c0d618f210a573ce96038e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 20 Feb 2024 09:12:49 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=21109
accept-ranges: bytes
content-length: 16480

GET
DATA 200
OK truncated
/ Frame 4A91 471 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 844208d3f740c48ca14df4373b0d232cb9e81f3934b53114833ca717b03a90f5

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 3B17 471 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 844208d3f740c48ca14df4373b0d232cb9e81f3934b53114833ca717b03a90f5

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 bf Show response
bf28149orj.bf.dynatrace.com/ Frame F9CB 715 B
987 B 578ms
190ms XHR
text/plain 44.205.222.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bf28149orj.bf.dynatrace.com/bf?type=js3&flavor=cors&vi=PGGISRARSKRBITHCGASTAUKBOFUVVQFH-0&modifiedSince=1707850627751&rf=https%3A%2F%2Fwww.gartner.com%2Freviews%2Fpublic%2FWidget%2Fdata%3Fwidget_id%3DYjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy%26size%3Dlarge&bp=3&app=c9f1951eb65229e3&crc=2813734221&en=4vwhu0vt&end=1
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/ruxitagentjs_A2NVfhjqru_10271230629152232.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.205.222.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-205-222-73.compute-1.amazonaws.com
Software: /
Resource Hash: 6ae97f7ef9c6f88155219e9944e0795d6c26107c59f29e07f33073051a6877e8

Request headers

Referer: https://www.gartner.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gartner.com
x-oneagent-js-injection: true
date: Thu, 22 Feb 2024 22:41:49 GMT
cache-control: no-cache
content-length: 715
content-type: text/plain;charset=utf-8

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1708641708698&li_adsId=09abe0f7-38a6-4512-91f0-7b7970cc7ab9&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1708641708698&li_adsId=09abe0f7-38a6-4512-91f0-7b7970cc7ab9&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D110528%26time%3D1708641708698%26li_adsId%3D09abe0f7-38a6-4512-91f0-7b7970cc7ab9%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1708641708698&li_adsId=09abe0f7-38a6-4512-91f0-7b7970cc7ab9&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm...

0
165 B

192ms
192ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1708641708698&li_adsId=09abe0f7-38a6-4512-91f0-7b7970cc7ab9&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:49 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: B626D5D57FBA48BF9BB3D94EEDDE3DE6 Ref B: SYD03EDGE0908 Ref C: 2024-02-22T22:41:49Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYSACYncSWVhKFBLLUskw==

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
date: Thu, 22 Feb 2024 22:41:49 GMT
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAYSACYka2TI5ymHMcWWMQ==
pragma: no-cache
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 9D15881336794064BD89F2953129B211 Ref B: SYD03EDGE0908 Ref C: 2024-02-22T22:41:49Z
x-frame-options: sameorigin
x-li-fabric: prod-ltx1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1708641708698&li_adsId=09abe0f7-38a6-4512-91f0-7b7970cc7ab9&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 77 B
315 B 333ms
24ms XHR
application/json 172.64.155.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.155.119 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22b95f2e160d8ec135358ce824808f0fe21b7f4dbc59ade7cc46bba981244990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 859abd1ae96faaef-SYD
access-control-allow-headers: Content-Type

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202308.2.0/ 421 KB
101 KB 12ms
12ms Script
application/javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee39d0cbc9e9cd88b7dac8ebca680b89e8879081f855152f21772c7834474437

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Feb 2024 22:41:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: B7RJGeSCnZZuAb1NQkB81w==
age: 7324
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 103637
x-ms-lease-status: unlocked
last-modified: Wed, 20 Sep 2023 06:26:02 GMT
server: cloudflare
etag: 0x8DBB9A2763B37CA
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 370b2d5d-e01e-0045-3ee5-1dec60000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 859abd1b1e705c0f-SYD

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/52127f8b-58c8-43a1-aff0-3c29a26e76d8-test/9995d05d-866d-4909-81dd-446d69a173ac/ 95 KB
20 KB 281ms
280ms Fetch
application/x-javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/52127f8b-58c8-43a1-aff0-3c29a26e76d8-test/9995d05d-866d-4909-81dd-446d69a173ac/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad66b40ac6fb0451baa6f252864ee213eb292767fe47d1cfc08656ba5b64e1c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Feb 2024 22:41:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: pCQHbcaD3ojQOlHiOLzeTw==
content-length: 19837
x-ms-lease-status: unlocked
last-modified: Wed, 27 Sep 2023 17:32:56 GMT
server: cloudflare
etag: 0x8DBBF7FC9B25E29
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 9c08f5ce-801e-001e-7fe0-65d55b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
cf-ray: 859abd1b483fa80d-SYD

GET
H2 200 otFloatingRounded.json Show response
cdn.cookielaw.org/scripttemplates/202308.2.0/assets/ 10 KB
3 KB 14ms
13ms Fetch
application/json 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202308.2.0/assets/otFloatingRounded.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef072b9ae1b3c29f94781c86bcdfdb71c1e06bbc7a2f05bc65dcfa2eefdde02c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Feb 2024 22:41:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: JBYz6y0YLdPMjkmPCHT4iQ==
age: 24285
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2644
x-ms-lease-status: unlocked
last-modified: Wed, 20 Sep 2023 06:25:55 GMT
server: cloudflare
etag: 0x8DBB9A271F46AFD
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 36ce4828-f01e-0014-0866-2371ec000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 859abd1d19b5a80d-SYD

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202308.2.0/assets/v2/ 62 KB
13 KB 14ms
14ms Fetch
application/json 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202308.2.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b0a210e89ac35b54a9b4ccb0336ea91c561e6dc5f8bda49574da98d40799c6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Feb 2024 22:41:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 3yHA5F3oKJDlMPXEHc+wYA==
age: 24285
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12708
x-ms-lease-status: unlocked
last-modified: Wed, 20 Sep 2023 06:25:57 GMT
server: cloudflare
etag: 0x8DBB9A2735C2A8F
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: e193fcb3-801e-00a7-61a0-22d141000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 859abd1d19b6a80d-SYD

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202308.2.0/assets/ 21 KB
4 KB 14ms
14ms Fetch
text/css 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202308.2.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Feb 2024 22:41:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: c7xAZ9MSGAobGaTYg/Qtag==
age: 24285
x-ms-lease-status: unlocked
last-modified: Wed, 20 Sep 2023 06:26:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 7f55d024-f01e-0076-4770-22b3cb000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 859abd1d19b7a80d-SYD

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 280 KB
92 KB 117ms
117ms Script
application/javascript 142.250.71.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-48VXKGDGCV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.71.72 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s17-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

f2f9010ae4eb4663251dce8d71ebc52c4e9ca3ae734e1d9eb65924c71410b1b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94435
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 22 Feb 2024 22:41:49 GMT

GET
H2 200 e1efa08e-e135-4766-9e10-b54f0663900a.js Show response
j.6sc.co/j/ 4 KB
4 KB 66ms
15ms Script
application/javascript 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/e1efa08e-e135-4766-9e10-b54f0663900a.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-47-73-144.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: fe1d77182f48fdeb7d27527565f4c8d2b598af1077cbc5aa5add9fa6adc10245

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
x-amz-version-id: pW4IebgOIKuZbCmTyEksxeIapWQKxcdM
date: Thu, 22 Feb 2024 22:41:49 GMT
last-modified: Fri, 19 May 2023 18:18:46 GMT
server: AmazonS3
x-amz-cf-pop: TPA52-P1
x-amz-server-side-encryption: AES256
etag: "6034df01e873fa0ea3a670daa3807be5"
content-type: application/javascript
x-amz-meta-content-type: application/json
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 3771
x-amz-cf-id: _Levcc6erdsT-MOHSatIjO_aVuT3-upmF7wpKMAN2pb660_bHkUgMw==
expires: Thu, 22 Feb 2024 22:41:49 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 391ms
121ms Script
application/javascript 13.107.21.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.21.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

45396b8359112c614d4aab3fcb716deaabc47e477078f675d7bf69f5791c8f53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 22 Feb 2024 22:41:49 GMT
last-modified: Thu, 22 Feb 2024 21:00:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D8429DFAAB2D4F4C98844996041497DA Ref B: SYD03EDGE1710 Ref C: 2024-02-22T22:41:49Z
etag: "0adee36d265da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13197

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/881234066/ 3 KB
2 KB 506ms
106ms Script
text/javascript 142.251.221.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/881234066/?random=1708641709631&cv=11&fst=1708641709631&bg=ffffff&guid=ON&async=1&gtm=45He42l0v79081916za200&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&hn=www.googleadservices.com&frm=0&tiba=The%20Microsoft%20Reply%20Attack&npa=0&pscdl=noapi&auid=439320633.1708641708&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.66 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f2.1e100.net

Software

cafe /

Resource Hash

85a162ca3f2e655d1a0eaaa3c8cb5752a92d200c33ead178664eaa63459ed834

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 22:41:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1494
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 hotjar-2523353.js Show response
static.hotjar.com/c/ 9 KB
4 KB 10ms
3ms Script
application/javascript 18.67.111.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2523353.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.111.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-111-90.syd62.r.cloudfront.net

Software

Resource Hash

8f5e5317b735aff8f73f533370d1731ec22917604d86d88c304ba59ca7a291eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Thu, 22 Feb 2024 22:41:22 GMT
via: 1.1 c8a7df1b4956aa390fe495730eb3c9f4.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P2
age: 27
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/8bfa5909f353ff9dc5df11ed0bc27a48
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: 9buF7IQ_Y_lqekx120UdB1lkuuGSThJ7wL9C_-WQEo-ROmYXUrfeIg==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/881234066/ 3 KB
2 KB 504ms
105ms Script
text/javascript 142.251.221.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/881234066/?random=1708641709635&cv=11&fst=1708641709635&bg=ffffff&guid=ON&async=1&gtm=45He42l0v79081916za200&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&hn=www.googleadservices.com&frm=0&tiba=The%20Microsoft%20Reply%20Attack&npa=0&pscdl=noapi&auid=439320633.1708641708&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.66 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f2.1e100.net

Software

cafe /

Resource Hash

4f8d073e4b787ae9e193940f40abf70a31f7652a2804ead2574658aba03fc484

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 22:41:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1496
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 214 KB
57 KB 95ms
94ms Script
application/x-javascript 157.240.7.26
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.7.26 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-sin6.fbcdn.net

Software

Resource Hash

0e04153b5f73bfa7866948f2a9870593d69bfde14e77a1a06af5f567096e5a09

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), fullscreen=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 22 Feb 2024 22:41:49 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57257
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma: public
x-fb-debug: PsYIz8cFMs6neyybWy1Boz81cXab0eq32ksXj1CNacbtPj9GE/hD8eSfpi8gNHl3cWwIpjNpNHcbFh6RicFIXg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 w.js Show response
d10lpsik1i8c69.cloudfront.net/ 5 KB
3 KB 111ms
4ms Script
application/javascript 13.35.148.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VVM8dl3_NKWhW1j2Vps43j9DBW1CR28959Q7yTN4vJDMl3qgyTW95jsWP6lZ3m8W5-lJqx2Y9YFnW7yDPvZ5k_T56W63_vcx3gv-PsW8WxS-d9b97pCW4YcPmM7knqnzW6BBtTF4WZJ9PW3w36Kx3S1NRDW54GwwD3k3vr1W1qRGZ-6-qXCvW1Y0ds_1jSmr2W2LNmJ-7dRgtWW37JZv_5PHCxMW4N5_R96PClKYW4YWpLz7L1Q9RW90LnjT7Mr_-DW33H_vy3HXY6RW4yypZl3vHk1-W7cJdRT5qnlQvW36c-WW494j9zN6rTN_43vHBYN75fvZxd90lSMh5H2wTTBnvW8tB9Q97Tr31zW1T2myl1-y0hsW1qLDvs5LFn3VW2Wkk8M4DtJwxW4KXB0b69Xjp9W9gWD8p9c46J_VbpYWc1PLRXkN4bH7FLw2mZLf7CDF9v04
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.148.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-148-17.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6cb6821219dae9fa9a21519d86d7ec7acaf0c4dd61463eb336eb92964feebef3

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:34:31 GMT
content-encoding: gzip
via: 1.1 cab8093de9e922f6aac9f66e51afc0cc.cloudfront.net (CloudFront)
last-modified: Thu, 25 Jan 2024 18:19:40 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1
age: 439
x-amz-server-side-encryption: AES256
etag: W/"e31293f40e8a324de552ff593ee76a9b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: o0D2KYHvgFH96m4rQeg2q6nkH6zzuxorxnDwjCr_l0mmUOeLxwkFeA==

GET tbw_analytics_v1.0.js
d26x5ounzdjojj.cloudfront.net/tbw/ 0
0

GET
H2 200 capterra_tracker.js Show response
ct.capterra.com/ 29 B
353 B 635ms
217ms Script
text/javascript 54.156.208.110
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.capterra.com/capterra_tracker.js?vid=2117953&vkey=f73241bb49d31b9ed492b4202bbe1244

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.208.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-208-110.compute-1.amazonaws.com

Software

nginx /

Resource Hash

b521cf21eb734ff6b687aef8f56b3ab1be44709262716e6817b1898bbc2b986d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-runtime: 0.008602
date: Thu, 22 Feb 2024 22:41:50 GMT
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: nginx
x-permitted-cross-domain-policies: none
etag: W/"b521cf21eb734ff6b687aef8f56b3ab1"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
content-length: 29
x-xss-protection: 1; mode=block
x-request-id: a15387d8-9966-4b60-88a6-40ff49cc68f8

GET
H2 200 tracker Show response
www.influ2.com/ 6 KB
2 KB 194ms
181ms Script
application/javascript 34.107.254.219
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.influ2.com/tracker?clid=94f01642-c25e-4c39-b6b1-8eb7959ff1af

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.254.219 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

219.254.107.34.bc.googleusercontent.com

Software

Resource Hash

2b8de7b148c02f4f47b6c99b9be50f96c6eb57e16d3e5a2cf9b2d4676309f816

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 22 Feb 2024 22:41:49 GMT
via: 1.1 google
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 340ms
31ms Script
text/javascript 172.64.151.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VVM8dl3_NKWhW1j2Vps43j9DBW1CR28959Q7yTN4vJDMl3qgyTW95jsWP6lZ3m8W5-lJqx2Y9YFnW7yDPvZ5k_T56W63_vcx3gv-PsW8WxS-d9b97pCW4YcPmM7knqnzW6BBtTF4WZJ9PW3w36Kx3S1NRDW54GwwD3k3vr1W1qRGZ-6-qXCvW1Y0ds_1jSmr2W2LNmJ-7dRgtWW37JZv_5PHCxMW4N5_R96PClKYW4YWpLz7L1Q9RW90LnjT7Mr_-DW33H_vy3HXY6RW4yypZl3vHk1-W7cJdRT5qnlQvW36c-WW494j9zN6rTN_43vHBYN75fvZxd90lSMh5H2wTTBnvW8tB9Q97Tr31zW1T2myl1-y0hsW1qLDvs5LFn3VW2Wkk8M4DtJwxW4KXB0b69Xjp9W9gWD8p9c46J_VbpYWc1PLRXkN4bH7FLw2mZLf7CDF9v04
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.151.60 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:49 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 7279
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 859abd1f3e635c09-SYD
expires: Thu, 22 Feb 2024 23:01:49 GMT

GET
H2 404 t.js
vidassets.terminus.services/f3f76756-1d1f-4392-b34d-e3ac799fbf5d/ 0
0 451ms
149ms Script
application/json 65.8.161.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vidassets.terminus.services/f3f76756-1d1f-4392-b34d-e3ac799fbf5d/t.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.8.161.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-8-161-52.sfo53.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

GET
H2 200 4393.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 546ms
231ms Script
text/javascript 172.64.144.225
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/4393.js?p=https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation&e=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.144.225 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:50 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 919c8bd8-58a9-4bc2-9628-ace3d003a6bf
x-runtime: 0.003307
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 859abd1f9d97dfaf-SYD

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
197 B 197ms
197ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 22 Feb 2024 22:41:49 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 38F3CEB8298646D2847CD9D4E4AAC7A0 Ref B: SYD03EDGE0908 Ref C: 2024-02-22T22:41:49Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
access-control-allow-origin: https://www.avanan.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYSACYoXk+pe/6uXsOw0w==

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
599 B 15ms
14ms Image
image/svg+xml 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Feb 2024 22:41:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 7322
x-ms-lease-status: unlocked
last-modified: Thu, 22 Feb 2024 03:32:39 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 5cea9920-601e-0029-494b-6507f7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 859abd1d682f5c0f-SYD

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
490 B 11ms
10ms Fetch
image/svg+xml 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Feb 2024 22:41:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 24285
x-ms-lease-status: unlocked
last-modified: Wed, 21 Feb 2024 07:18:22 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 7915e359-301e-009d-68e5-64cb39000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 859abd1d7a03a80d-SYD

GET
H2 200 privacy-center.png
cdn.cookielaw.org/logos/47e3c59c-0525-4547-bb04-4b39430f40a8/ab35f60a-5fe3-425a-8fd3-54a1c7472028/5abbcdb5-e783-4bba-8ec5-526bf2f46f6a/ 1 KB
2 KB 16ms
16ms Image
image/png 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/47e3c59c-0525-4547-bb04-4b39430f40a8/ab35f60a-5fe3-425a-8fd3-54a1c7472028/5abbcdb5-e783-4bba-8ec5-526bf2f46f6a/privacy-center.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cfe2988dd0e1d6bcc63e394d2818003d0a121a5a8de88a6ba8caf91dbc48c96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Feb 2024 22:41:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: HnzIqzk5bF7upvrzwNVyQA==
age: 76755
content-length: 1478
x-ms-lease-status: unlocked
last-modified: Tue, 25 Oct 2022 18:30:06 GMT
server: cloudflare
etag: 0x8DAB6B6F07B96CC
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 0a2bb3d0-101e-001c-2145-0d6be3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 859abd1d884a5c0f-SYD

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 12ms
12ms Image
image/svg+xml 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 22 Feb 2024 22:41:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 84063
x-ms-lease-status: unlocked
last-modified: Wed, 21 Feb 2024 03:32:09 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: b9264ab6-101e-008a-3c79-646232000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 859abd1d884b5c0f-SYD

GET
H2 200 modules.3ba69200791f16077ba8.js Show response
script.hotjar.com/ 228 KB
55 KB 10ms
3ms Script
application/javascript 18.67.111.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.3ba69200791f16077ba8.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2523353.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.111.57 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-111-57.syd62.r.cloudfront.net

Software

Resource Hash

c60a1c9a37989557aed8884899ddec28096d9624f4b43c602f9b335ae1db25cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 11:39:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 9d6e86f5b232838ca6f2f480892525b2.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P2
age: 39762
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56245
last-modified: Thu, 22 Feb 2024 11:38:42 GMT
etag: "35c74e10d354e1166c41fd72674e0488"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: eweB1HzX8BiLdLI_2g5dHWW4tDaohDSabUv14HvZtqQGg4SY0BH0YQ==

GET
H2 200 6si.min.js Show response
j.6sc.co/ 64 KB
18 KB 15ms
14ms Script
application/javascript 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/e1efa08e-e135-4766-9e10-b54f0663900a.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

8c1781ec4483c6fb3bd9ad005d312800eaf24e232c12976624bff84f8ab908b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 22:41:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Feb 2024 19:00:41 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "65d799d9-101dd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17693
expires: Thu, 22 Feb 2024 22:41:49 GMT

GET
H2 200 getuidj Show response
secure.adnxs.com/ 11 B
700 B 284ms
94ms XHR
application/json 103.43.89.4
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

103.43.89.4 Singapore, Singapore, ASN29990 (ASN-APPNEX, US),

Reverse DNS

839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 22:41:49 GMT
an-x-request-uuid: 3ecae0a8-5dc8-41aa-b70e-0e4bd403c49f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.avanan.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 66.203.112.162; 66.203.112.162; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 15ms
14ms XHR
text/html 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-47-73-144.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:49 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.avanan.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 4 B
282 B 362ms
14ms XHR
text/html 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-47-73-144.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 22:41:50 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.avanan.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: null
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1708641710047_388974988_993343433_14_568_13_29_219";dur=1
content-length: 4
expires: Thu, 22 Feb 2024 22:41:50 GMT

GET
H2 200 / Show response
settings.luckyorange.net/ 129 B
750 B 255ms
243ms Fetch
application/json 104.26.11.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://settings.luckyorange.net/?u=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&s=128904

Requested by

Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.11.16 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bfb6389f80ddd586b66a540370f89f40e7eb39d388e8d9410f57caa732dc5cd

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:50 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.avanan.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FBHGNmOcV8Jo3OWXJw2YLrJwBaea4FfQ7%2FRdHOga9dONPHbFq%2BvGZlwvPSXWZAdH1%2FZeXfFy0O98PiP%2ByrV85ykLANUNQL6M7qYfufIlJ5n0x%2FLxvh%2BvgbQiIglClSShJfwVC2G7%2BfS0JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-credentials: true
cf-ray: 859abd1e0caea956-SYD
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since

GET
H2 200 / Show response
t.influ2.com/u/ 62 B
331 B 201ms
190ms XHR
text/plain 34.117.110.211
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://t.influ2.com/u/?cb=1708641709839
Requested by: Host: www.influ2.com
URL: https://www.influ2.com/tracker?clid=94f01642-c25e-4c39-b6b1-8eb7959ff1af
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.110.211 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 211.110.117.34.bc.googleusercontent.com
Software: nginx/1.25.3 /
Resource Hash: 913ed8aaed6f69aafcaa8c67abe8add9dca92d9d016aae079cc8a8a5da4b16b6

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:49 GMT
via: 1.1 google
server: nginx/1.25.3
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.avanan.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 747 B
719 B 313ms
108ms XHR
application/json 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: fad7f3075c75555a19dd023c2317550688e7dd5be59b37cf12b6188cc9917a7b

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
accept-language: en-AU,en;q=0.9
Authorization: Token 88f41a99bd1fcf8636165556d51c5d9423931073
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
X-6s-CustomID: WebTag e1efa08e-e135-4766-9e10-b54f0663900a

Response headers

x-trace-id: 3604372034894828606
date: Thu, 22 Feb 2024 22:41:50 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: ap-northeast-1a
access-control-allow-origin: https://www.avanan.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 397

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 317ms
107ms Preflight 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.avanan.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.avanan.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Thu, 22 Feb 2024 22:41:50 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: ap-northeast-1a
x-trace-id: 2526861030526055226

POST
H2 204 collect
analytics.google.com/g/ 0
254 B 502ms
99ms Ping
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-48VXKGDGCV&gtm=45je42l0v881001595z879081916za200&_p=1708641706727&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=2138521874.1708641710&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&dl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&dp=%2Fblog%2Fthe-microsoft-reply-attack&sid=1708641709&sct=1&seg=0&dt=The%20Microsoft%20Reply%20Attack&en=page_view&_fv=1&_nsi=1&_ss=1&ep.host_property=www.avanan.com&ep.page_level1=blog&tfd=3699
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-48VXKGDGCV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 22:41:50 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.avanan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
245 B 590ms
96ms Ping
text/plain 142.251.175.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-48VXKGDGCV&cid=2138521874.1708641710&gtm=45je42l0v881001595z879081916za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-48VXKGDGCV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.175.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: sh-in-f155.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 22:41:50 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.avanan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com.au/ads/ 42 B
107 B 507ms
106ms Image
image/gif 142.250.76.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.au/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-48VXKGDGCV&cid=2138521874.1708641710&gtm=45je42l0v881001595z879081916za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&z=1492156173

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.99 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 22:41:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 434ms
433ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=af1e717890f3605d16fc823643e05b8c&svisitor=null&visitor=68290741-5bed-4c7a-8c18-d0d06729b5d4&session=b39023b6-344a-48b3-8ff6-7c816b0d2814&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2022%20Feb%202024%2022%3A41%3A49%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Reply-to%20address%20is%20not%20always%20what%20it%20seems.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Microsoft%20Reply%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&pageViewId=2311b6ff-9b31-4b24-8900-b9a8450b0f52&webTagId=e1efa08e-e135-4766-9e10-b54f0663900a&v=1.1.15

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:50 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 448ms
448ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=af1e717890f3605d16fc823643e05b8c&svisitor=null&visitor=68290741-5bed-4c7a-8c18-d0d06729b5d4&session=b39023b6-344a-48b3-8ff6-7c816b0d2814&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22af1e717890f3605d16fc823643e05b8c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2022%20Feb%202024%2022%3A41%3A49%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%2288f41a99bd1fcf8636165556d51c5d9423931073%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2022%20Feb%202024%2022%3A41%3A49%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2022%20Feb%202024%2022%3A41%3A49%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2022%20Feb%202024%2022%3A41%3A49%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%22e1efa08e-e135-4766-9e10-b54f0663900a%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2022%20Feb%202024%2022%3A41%3A49%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2022%20Feb%202024%2022%3A41%3A49%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2022%20Feb%202024%2022%3A41%3A49%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Reply-to%20address%20is%20not%20always%20what%20it%20seems.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Microsoft%20Reply%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&pageViewId=2311b6ff-9b31-4b24-8900-b9a8450b0f52&webTagId=e1efa08e-e135-4766-9e10-b54f0663900a&v=1.1.15

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:50 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 1936026250043111 Show response
connect.facebook.net/signals/config/ 53 KB
11 KB 94ms
94ms Script
application/x-javascript 157.240.7.26
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1936026250043111?v=2.9.147&r=stable&domain=www.avanan.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.7.26 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-sin6.fbcdn.net

Software

Resource Hash

250673d761949bf109912fa31aa6c6d7475c3bfddc64916c86bdd2f890edb9a6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), fullscreen=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 22 Feb 2024 22:41:49 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 11102
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma: public
x-fb-debug: ZLIt64iLz8Ouppfgv+go3BTWswvqSp799PYH3Y2rapajsTn0Bkw9ktMwCDcfTcvJtEqWp1vUn+pxzimf6OyYVQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
442 B 222ms
222ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1237514&r=1708641709982&ref=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 1237514
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:50 GMT
via: 1.1 google
x-guploader-uploadid: ABPtcPryLBTlnNF1J4J5s3H-RQEfjV5hl7wXwz-A1LajFVQnRC7rBZOkbfkakIFSlS_ehmY171g
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Thu, 22 Feb 2024 23:41:50 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 232ms
217ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1237514&r=1708641709982&ref=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.avanan.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 22 Feb 2024 22:41:50 GMT
expires: Thu, 22 Feb 2024 22:41:50 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ABPtcPrKKN_-IvdyrYP3j4WCPLHJkY6vscQp3ds6TepGuwKgAUnbGN1olUHRTiRdMnF7Xls41l4

GET
H2 204 25018126.js Show response
bat.bing.com/p/action/ 0
118 B 121ms
121ms Script
text/plain 13.107.21.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25018126.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.21.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 22 Feb 2024 22:41:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 57BEE59DB37F47E49249A8A4AAE17DD2 Ref B: SYD03EDGE1710 Ref C: 2024-02-22T22:41:50Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
360 B 163ms
163ms Image
text/plain 13.107.21.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25018126&tm=gtm002&Ver=2&mid=48668c5e-ef9e-473e-b691-7e784460be5b&sid=9140ad70d1d311ee9c416323f6708f65&vid=9140e440d1d311eebf98ddf5dcab09e4&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=The%20Microsoft%20Reply%20Attack&p=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&r=&lt=1357&evt=pageLoad&sv=1&rn=957399

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.21.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 22 Feb 2024 22:41:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DED50CF9E4694F5A879F300ED8A53972 Ref B: SYD03EDGE1710 Ref C: 2024-02-22T22:41:50Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 583ms
94ms Image
text/plain 157.240.7.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1936026250043111&ev=PageView&dl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&rl=&if=false&ts=1708641710060&sw=1600&sh=1200&v=2.9.147&r=stable&ec=0&o=4126&fbp=fb.1.1708641710059.1329093711&ler=empty&cdl=API_unavailable&it=1708641709943&coo=false&exp=e1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.7.35 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin6.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 22 Feb 2024 22:41:50 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/881234066/ 42 B
108 B 506ms
105ms Image
image/gif 142.250.204.4
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/881234066/?random=1708641709635&cv=11&fst=1708639200000&bg=ffffff&guid=ON&async=1&gtm=45He42l0v79081916za200&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&frm=0&tiba=The%20Microsoft%20Reply%20Attack&npa=0&fmt=3&is_vtc=1&cid=CAQSGwAvHhf__eo-4JuGw9O5ealNvoc7qJyJVO56PA&random=3442351220&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.4 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 22:41:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.au/pagead/1p-user-list/881234066/ 42 B
455 B 278ms
102ms Image
image/gif 142.250.76.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.au/pagead/1p-user-list/881234066/?random=1708641709635&cv=11&fst=1708639200000&bg=ffffff&guid=ON&async=1&gtm=45He42l0v79081916za200&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&frm=0&tiba=The%20Microsoft%20Reply%20Attack&npa=0&fmt=3&is_vtc=1&cid=CAQSGwAvHhf__eo-4JuGw9O5ealNvoc7qJyJVO56PA&random=3442351220&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.99 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 22:41:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/881234066/ 42 B
455 B 411ms
105ms Image
image/gif 142.250.204.4
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/881234066/?random=1708641709631&cv=11&fst=1708639200000&bg=ffffff&guid=ON&async=1&gtm=45He42l0v79081916za200&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&frm=0&tiba=The%20Microsoft%20Reply%20Attack&npa=0&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_r3X2T7b7cBKXRBelp__6C838OnkgTw&random=1213006930&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.4 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 22:41:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.au/pagead/1p-user-list/881234066/ 42 B
108 B 154ms
104ms Image
image/gif 142.250.76.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.au/pagead/1p-user-list/881234066/?random=1708641709631&cv=11&fst=1708639200000&bg=ffffff&guid=ON&async=1&gtm=45He42l0v79081916za200&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&frm=0&tiba=The%20Microsoft%20Reply%20Attack&npa=0&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_r3X2T7b7cBKXRBelp__6C838OnkgTw&random=1213006930&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.99 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 22:41:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK b1eed135-8e4c-4917-aa3f-7606ce3abc81
https://www.avanan.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.avanan.com/b1eed135-8e4c-4917-aa3f-7606ce3abc81
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

POST
H2 204 collect
analytics.google.com/g/ 0
54 B 99ms
99ms Ping
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-48VXKGDGCV&gtm=45je42l0v881001595z879081916za200&_p=1708641706727&gcd=13l3l3l3l1&npa=0&dma=0&cid=2138521874.1708641710&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=2&sid=1708641709&sct=1&seg=0&dl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&dt=The%20Microsoft%20Reply%20Attack&en=6si_data_loaded&ep.e_action=6si_company_details&ep.e_label=6si_data_loaded&_et=592&up.company_name_6s=(Non-company%20Visit)&up.company_domain_6s=&up.industry_6s=&up.employee_range_6s=&up.segments_6s=&up.revenue_range_6s=&up.employee_count_6s=&up.country_6s=Australia&up.company_segment_ids_6s=&up.company_match_6s=Non-actionable%20Match&up.company_is_blacklisted_6s=false&up.company_is_6qa_6s=false&tfd=4299
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-48VXKGDGCV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 22:41:50 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.avanan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 bf Show response
bf28149orj.bf.dynatrace.com/ Frame F9CB 206 B
478 B 189ms
189ms XHR
text/plain 44.205.222.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bf28149orj.bf.dynatrace.com/bf?type=js3&flavor=cors&vi=PGGISRARSKRBITHCGASTAUKBOFUVVQFH-0&modifiedSince=1708359493340&rf=https%3A%2F%2Fwww.gartner.com%2Freviews%2Fpublic%2FWidget%2Fdata%3Fwidget_id%3DYjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy%26size%3Dlarge&bp=3&app=c9f1951eb65229e3&crc=879062195&en=4vwhu0vt&end=1
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/ruxitagentjs_A2NVfhjqru_10271230629152232.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.205.222.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-205-222-73.compute-1.amazonaws.com
Software: /
Resource Hash: 8db6523b53a9d6351f059b8bf2aa5c7fabf1bdf37f76e0c312a2660de013b95d

Request headers

Referer: https://www.gartner.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gartner.com
x-oneagent-js-injection: true
date: Thu, 22 Feb 2024 22:41:50 GMT
cache-control: no-cache
content-length: 206
content-type: text/plain;charset=utf-8

GET
H2 200 insent Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ 80 KB
23 KB 313ms
3ms Script
binary/octet-stream 13.35.147.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/insent
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-72.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id: Do3I7W1ZAWXrXjTz8nc5rLMLlRnTeriu
content-encoding: gzip
via: 1.1 2d39749f0342007f9798eeb0800f8a0e.cloudfront.net (CloudFront)
date: Thu, 22 Feb 2024 18:42:47 GMT
last-modified: Wed, 18 Oct 2023 08:56:44 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1
age: 14343
etag: "6c640d0008fb2a23a0ff942202f8657c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: binary/octet-stream
content-length: 23142
x-amz-cf-id: Z7A84mlNyMUvEtVFIxDPahQnGwolSEuPOwBJZcQLMxMIxTc3Nu4m2w==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
698 B 239ms
238ms Image
image/gif 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2526861400&v=1.1&a=1835778&pi=106960374431&ct=blog-post&ccu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&cpi=106960374431&cgi=4153530738&lpi=106960374431&lvi=106960374431&lvc=en-us&pu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&t=The+Microsoft+Reply+Attack&cts=1708641710690&vi=f078dde53db70e372b5067512cfcb7b8&nc=true&u=23485541.f078dde53db70e372b5067512cfcb7b8.1708641710687.1708641710687.1708641710687.1&b=23485541.1.1708641710687&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 53d51b8f-4f18-4c01-9d04-52c66c7237eb
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 10
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 53d51b8f-4f18-4c01-9d04-52c66c7237eb
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lU3gkMzGfZW9l9qRNU9h%2BqBokgp1hcocEcvlXdPBv42Q77gNgYvASmWzU8oS7AsEeCtsK02na%2FVoy5mW2bnr1rZn%2BmANwoTaqFLJCQ%2BxthRWxTCxnwttihlNYer9rKJWEuq0"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-68f68ffdf9-scd75
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 859abd23dba0dfb3-SYD
x-robots-tag: none

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 536ms
235ms Image
image/gif 104.18.192.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.192.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 22:41:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 1a3ae6d4-2a14-461c-a1bc-c93613edbe28
x-envoy-upstream-service-time: 1
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 1a3ae6d4-2a14-461c-a1bc-c93613edbe28
Last-Modified: Thu, 22 Feb 2024 22:41:51 GMT
Server: cloudflare
X-Trace: 2B7E20A8DC2F9919467D6540C49A10C1E0B95A4E13000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-zw6mg
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 859abd25bd79aae9-SYD

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
446 B 282ms
281ms Image
image/gif 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22c953fa87-efa0-494e-9947-98ffe764fcd8%22%2C%22456f8fc2-2a2d-451b-be42-2ab5d22687fa%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2526861400&v=1.1&a=1835778&pi=106960374431&ct=blog-post&ccu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&cpi=106960374431&cgi=4153530738&lpi=106960374431&lvi=106960374431&lvc=en-us&pu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&t=The+Microsoft+Reply+Attack&cts=1708641710691&vi=f078dde53db70e372b5067512cfcb7b8&nc=true&u=23485541.f078dde53db70e372b5067512cfcb7b8.1708641710687.1708641710687.1708641710687.1&b=23485541.1.1708641710687&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a73d0cc0-47ba-4980-8e71-1417f6ea5adf
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 45
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a73d0cc0-47ba-4980-8e71-1417f6ea5adf
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rVyRDL5Ycx9HboSrKpiTDTNTR%2BJbAOtPl%2FAKg8lm4h22W%2FhQMw56GSR5%2BGfoEVWaOYGDkU3CAkliVpY%2FVm0rnmigl7B9bRuYKPBNsHn9aQD7wX9sxlYiWMRPGEfLRJYpOthM"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-68f68ffdf9-mprkl
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 859abd23dba1dfb3-SYD
x-robots-tag: none

GET
H2 200 like.php Show response
www.facebook.com/plugins/ Frame 5049 49 KB
18 KB 343ms
343ms Document
text/html 157.240.7.35
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df61c750ce90fa0b00%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ff7e636827a2cc86e2%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=a7566c38155f2070733abdba3ade3294

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.7.35 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin6.facebook.com

Software

Resource Hash

d3ec94bf5645a3624317a4cc3015ae9afb7ac1120806c3f576f4b55120c7b352

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://sandbox.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://sandbox.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: unsafe-none;report-to="coop_report"
cross-origin-resource-policy: cross-origin
date: Thu, 22 Feb 2024 22:41:50 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
permissions-policy-report-only: clipboard-read=(), clipboard-write=();report-to="permissions_policy"
pragma: no-cache
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: o1YyKyXFZw6UwZxC9e8QKmAPLdUSDXUBHhJvkySqXXrY+qQZtbeJjU8vcqkPvEGGZ53v27c56JZxNa8rsOpiyQ==
x-xss-protection: 0

GET
H2 200 like.php Show response
www.facebook.com/plugins/ Frame 7D89 49 KB
15 KB 440ms
440ms Document
text/html 157.240.7.35
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df76745884cfe49413%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ff7e636827a2cc86e2%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=a7566c38155f2070733abdba3ade3294

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.7.35 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-sin6.facebook.com

Software

Resource Hash

d1293e49980295cf15720f2cf52f79a1d255fea0b43ed99107de375e6bb2cc9e

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://sandbox.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://sandbox.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: unsafe-none;report-to="coop_report"
cross-origin-resource-policy: cross-origin
date: Thu, 22 Feb 2024 22:41:50 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
permissions-policy-report-only: clipboard-read=(), clipboard-write=();report-to="permissions_policy"
pragma: no-cache
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: 29fJBIyHQXJyaVZ46tJoj3MiDmjkwmZ3EyJ5cK+uFfu6MTEtQOcaapM+7Xql+/9pbLuJvN6Hj2yyBdQCsCaAtA==
x-xss-protection: 0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 451ms
451ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=af1e717890f3605d16fc823643e05b8c&svisitor=null&visitor=68290741-5bed-4c7a-8c18-d0d06729b5d4&session=b39023b6-344a-48b3-8ff6-7c816b0d2814&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2022%20Feb%202024%2022%3A41%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2022%20Feb%202024%2022%3A41%3A49%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Reply-to%20address%20is%20not%20always%20what%20it%20seems.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Microsoft%20Reply%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&pageViewId=2311b6ff-9b31-4b24-8900-b9a8450b0f52&an_uid=0&webTagId=e1efa08e-e135-4766-9e10-b54f0663900a&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:51 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 3 KB
3 KB 590ms
281ms XHR
application/json 104.19.154.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=1835778&utk=f078dde53db70e372b5067512cfcb7b8&__hstc=23485541.f078dde53db70e372b5067512cfcb7b8.1708641710687.1708641710687.1708641710687.1&__hssc=23485541.1.1708641710687&contentId=106960374431&currentUrl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.154.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3bcd801e66d936fdc74236dc2a9240dd7e4716a587a48e20af4c46a48ebdbaf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 60ddb530-00dc-46d9-bc49-ac2be2368820
content-encoding: br
x-envoy-upstream-service-time: 37
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 60ddb530-00dc-46d9-bc49-ac2be2368820
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.avanan.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XnaBx%2BbmI9ia2pA7HTtM6nft8pQr3Aojt8whJjpkqV1Q3PKl0gwuYM6S6PXEe7SNMZ3eUfwevOFk0LFcR1dWV%2FHekE5oMdaVV2wHrs4DIACmMj4%2F1TCPamDxWHI4gjPoIa5K"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 859abd25fc74a96d-SYD
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-9285z

GET
H2 200 M1iiaZr_6ae.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yS/l/en_US/ Frame 5049 530 KB
137 KB 95ms
94ms XHR
application/x-javascript 157.240.7.26
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yS/l/en_US/M1iiaZr_6ae.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df61c750ce90fa0b00%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ff7e636827a2cc86e2%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.7.26 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-sin6.fbcdn.net

Software

Resource Hash

5f36029a474eb990cfc775680cfdc025868f33303525fe58e86dc12c3fda489f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), fullscreen=(), picture-in-picture=();report-to="permissions_policy"
date: Thu, 22 Feb 2024 22:41:51 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: u304XwIyS4H2hXuEZSYXPw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 139904
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
x-fb-debug: CFxAwNifcq9o1q+AEDol3BzbTqlv1BTi32GBbswN6PKxJpjd3bBlNRjBsqOViat7vSEkSYi8k73mHXHYkBnXew==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Thu, 20 Feb 2025 02:04:45 GMT

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame 5049 299 B
1 KB 94ms
94ms Image
image/png 157.240.7.26
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.7.26 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-sin6.fbcdn.net

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=();report-to="permissions_policy"
date: Thu, 22 Feb 2024 22:41:51 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
x-fb-debug: ztzbuTaTWB4ys5nSCw2ltig3f21RR+EAhF9IZnVc5seglbS7VRrHBiD29whOPyl3AuMXtMmFohFDOKB4zCo99A==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), display-capture=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=();report-to="permissions_policy"
timing-allow-origin: *
expires: Thu, 13 Feb 2025 22:38:59 GMT

GET
H2 200 / Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ Frame 4F56 3 KB
2 KB 4ms
3ms Document
text/html 13.35.147.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=Pisi889JmrotC26&hubspot_cookies=[%22f078dde53db70e372b5067512cfcb7b8%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/insent
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-72.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 94c3d0f52cee1217895c22a7a35b5f7b855fb495709822159a471811575738da

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

age: 1805817
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html
date: Fri, 02 Feb 2024 01:04:55 GMT
etag: W/"cea936b357d0fefbe67f396ac27ecc71"
last-modified: Wed, 18 Oct 2023 08:56:50 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 2d39749f0342007f9798eeb0800f8a0e.cloudfront.net (CloudFront)
x-amz-cf-id: soyDbvE3hVz0AA-ru4H-zEsmpG30OTB6GE54SZbM1cDlmaUWOo1V2w==
x-amz-cf-pop: SYD1-C1
x-amz-version-id: wf2lJ.cKt7e1wlMSlpAOAV_K1ZPwVE5q
x-cache: Error from cloudfront

GET
H2 200 env.js Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ Frame 4F56 437 B
786 B 28ms
26ms Script
application/javascript 13.35.147.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/env.js
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=Pisi889JmrotC26&hubspot_cookies=[%22f078dde53db70e372b5067512cfcb7b8%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-72.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ff4e0b144f55e6bf1ac619baad9714973a381bc5c106e2cf62543d8d671f9c19

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=Pisi889JmrotC26&hubspot_cookies=[%22f078dde53db70e372b5067512cfcb7b8%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 08:23:47 GMT
x-amz-version-id: DmgVUrsbNmh0zFcaosq_jdGFz91EWuHz
via: 1.1 2d39749f0342007f9798eeb0800f8a0e.cloudfront.net (CloudFront)
last-modified: Mon, 10 Apr 2023 13:35:06 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1
age: 51485
etag: "649ed907ccaa01c40f7d298cda51d4e0"
x-cache: Hit from cloudfront
content-type: application/javascript
content-length: 437
x-amz-cf-id: nDCxoWtZwKfMm1BTLMuC6R3EOOBuVNRjj854BMC80fvdrvB908foRg==

GET
H2 200 pusher.min.js Show response
js.pusher.com/6.0/ Frame 4F56 64 KB
18 KB 287ms
3ms Script
application/javascript 13.35.149.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.pusher.com/6.0/pusher.min.js
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=Pisi889JmrotC26&hubspot_cookies=[%22f078dde53db70e372b5067512cfcb7b8%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.149.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-149-62.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d9f69c562fa39d1b002af05da1c6b99247e69c14a48e67b35d8a8b0efd739128

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 19:57:47 GMT
content-encoding: gzip
via: 1.1 cab8093de9e922f6aac9f66e51afc0cc.cloudfront.net (CloudFront)
last-modified: Thu, 14 May 2020 14:40:27 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1
age: 1133045
etag: W/"ba16a869e0473ee0ff7636f71e340c60"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=2592000
x-amz-cf-id: 6UP4jkfmBqawDSsvN2QguRw_nHyjGpqtJoZMjSUDOTT-LCPMXMq9Pg==

GET
H2 200 vendors.3ba21c21.js Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/ Frame 4F56 1 MB
375 KB 28ms
27ms Script
application/javascript 13.35.147.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/vendors.3ba21c21.js
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=Pisi889JmrotC26&hubspot_cookies=[%22f078dde53db70e372b5067512cfcb7b8%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-72.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 015b0ab9fa40e735166ee14dd2c9ab61e3ce7d1f2e58195a0a36e7492cb2627e

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=Pisi889JmrotC26&hubspot_cookies=[%22f078dde53db70e372b5067512cfcb7b8%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 20:54:10 GMT
content-encoding: gzip
via: 1.1 2d39749f0342007f9798eeb0800f8a0e.cloudfront.net (CloudFront)
x-amz-version-id: EyBnLDOCp7EBUbbWuqcgnuY8SEticYXr
last-modified: Wed, 18 Oct 2023 08:56:50 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1
age: 784062
etag: W/"cfe569abd22cf645465b07167297c451"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: WIpqAbqiWuiR3RTo2g_kPBq3mZQV2Xn6rccoiQiMUmysn8QurQU9Rw==

GET
H2 200 commons.e9c5b3b2.js Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/ Frame 4F56 228 KB
63 KB 36ms
35ms Script
application/javascript 13.35.147.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/commons.e9c5b3b2.js
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=Pisi889JmrotC26&hubspot_cookies=[%22f078dde53db70e372b5067512cfcb7b8%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-72.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e864c75ed847605431470f3724181592e861488f21976d8bedb14c6ca5b9b141

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=Pisi889JmrotC26&hubspot_cookies=[%22f078dde53db70e372b5067512cfcb7b8%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 23:01:49 GMT
content-encoding: gzip
via: 1.1 2d39749f0342007f9798eeb0800f8a0e.cloudfront.net (CloudFront)
x-amz-version-id: x1MyjLe4VT5K6a5ykHai4_hGmw78vqG7
last-modified: Wed, 18 Oct 2023 08:56:49 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1
age: 603603
etag: W/"40d1bf7e74f8e2734926e36705386db6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: vbiFqL8u9fGZ1zJz5kNDC9-_Zrdf3iOZhQSXzZduwto0CFT21I-rQg==

GET
H2 200 reduxComponents.5e03cc46.js Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/ Frame 4F56 58 KB
14 KB 37ms
36ms Script
application/javascript 13.35.147.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/reduxComponents.5e03cc46.js
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=Pisi889JmrotC26&hubspot_cookies=[%22f078dde53db70e372b5067512cfcb7b8%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-72.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bc19bb0f8a32439be8acf92004cd921b46ba6caa528dd8a4cb1875fe5761c64e

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=Pisi889JmrotC26&hubspot_cookies=[%22f078dde53db70e372b5067512cfcb7b8%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Wed, 17 Jan 2024 20:24:27 GMT
content-encoding: gzip
via: 1.1 2d39749f0342007f9798eeb0800f8a0e.cloudfront.net (CloudFront)
x-amz-version-id: FtxYOBgpDuzlE_fYPrrLcHQDrwfNQdsY
last-modified: Wed, 18 Oct 2023 08:56:50 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1
age: 3118645
etag: W/"44201bb39223ce7d109e05cad49aec41"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: t6-N6c9C6bRxPyGk6zKg2NVL4bFPjZZUdtWqtJpV9QLAGybBYr6Ebg==

GET
H2 200 main.69437bec.chunk.js Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/ Frame 4F56 117 KB
28 KB 38ms
38ms Script
application/javascript 13.35.147.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/main.69437bec.chunk.js
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=Pisi889JmrotC26&hubspot_cookies=[%22f078dde53db70e372b5067512cfcb7b8%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-72.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6f31215a00102af8f170ae267d336423808e3c803571bf030589c059f2a02604

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=Pisi889JmrotC26&hubspot_cookies=[%22f078dde53db70e372b5067512cfcb7b8%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 17:39:14 GMT
content-encoding: gzip
via: 1.1 2d39749f0342007f9798eeb0800f8a0e.cloudfront.net (CloudFront)
x-amz-version-id: nGh4WSSe7x9nohvPetGLcIKzGbmpnSVP
last-modified: Wed, 18 Oct 2023 08:56:50 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1
age: 622958
etag: W/"2e4663be75d71d8807feffe5dbc95b43"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: sduPzr_tCcD6HtIZyV2E1rTP-sAKrLXFsrFWm2xJGov2PK8jMvr8aw==

GET
H2 200 M1iiaZr_6ae.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yS/l/en_US/ Frame 7D89 530 KB
137 KB 111ms
110ms XHR
application/x-javascript 157.240.7.26
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yS/l/en_US/M1iiaZr_6ae.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df76745884cfe49413%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ff7e636827a2cc86e2%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.7.26 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-sin6.fbcdn.net

Software

Resource Hash

5f36029a474eb990cfc775680cfdc025868f33303525fe58e86dc12c3fda489f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), fullscreen=(), picture-in-picture=();report-to="permissions_policy"
date: Thu, 22 Feb 2024 22:41:51 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: u304XwIyS4H2hXuEZSYXPw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 139904
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
x-fb-debug: CFxAwNifcq9o1q+AEDol3BzbTqlv1BTi32GBbswN6PKxJpjd3bBlNRjBsqOViat7vSEkSYi8k73mHXHYkBnXew==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Thu, 20 Feb 2025 02:04:45 GMT

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame 7D89 299 B
446 B 95ms
94ms Image
image/png 157.240.7.26
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df76745884cfe49413%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ff7e636827a2cc86e2%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.7.26 Singapore, Singapore, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-sin6.fbcdn.net

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=();report-to="permissions_policy"
date: Thu, 22 Feb 2024 22:41:51 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
x-fb-debug: ztzbuTaTWB4ys5nSCw2ltig3f21RR+EAhF9IZnVc5seglbS7VRrHBiD29whOPyl3AuMXtMmFohFDOKB4zCo99A==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), display-capture=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=();report-to="permissions_policy"
timing-allow-origin: *
expires: Thu, 13 Feb 2025 22:38:59 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
409 B 253ms
252ms Image
image/gif 104.19.155.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=9862d401-d68f-4977-9e32-b0849cab6384&lfi=4974344&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2526861400&v=1.1&a=1835778&pi=106960374431&ct=blog-post&ccu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&cpi=106960374431&cgi=4153530738&lpi=106960374431&lvi=106960374431&lvc=en-us&pu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&t=The+Microsoft+Reply+Attack&cts=1708641711320&vi=f078dde53db70e372b5067512cfcb7b8&nc=true&u=23485541.f078dde53db70e372b5067512cfcb7b8.1708641710687.1708641710687.1708641710687.1&b=23485541.1.1708641710687&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9423b109-c322-4ee8-982e-f19c66894a5d
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 9
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9423b109-c322-4ee8-982e-f19c66894a5d
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D2EDI70geyeh3yznMOLjhN98Jp%2Bh13x9sIHib5P3Tkcn0z0kHcaJodCzT%2FuJ0k8OB59fNoalTf7gx2soC0ei4wfK5LiFoCdwA3JMlwCfGO15tIdRjxsyn%2BSeJkiyJz9931ZC"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-68f68ffdf9-scd75
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 859abd27ced3dfb3-SYD
x-robots-tag: none

GET
H2 200 english.json Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ Frame 4F56 6 KB
2 KB 3ms
3ms XHR
application/json 13.35.147.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/english.json
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/vendors.3ba21c21.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.147.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-147-72.syd1.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 05c580da7227f1f1038b071466c09ff25dfaa681d82e4a71ed58beadf63e8670

Request headers

Accept: application/json, text/plain, */*
Cache-Control: max-age=31536000
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=Pisi889JmrotC26&hubspot_cookies=[%22f078dde53db70e372b5067512cfcb7b8%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 00:25:36 GMT
content-encoding: gzip
via: 1.1 2d39749f0342007f9798eeb0800f8a0e.cloudfront.net (CloudFront)
x-amz-version-id: 5IaU4vm.JjPzlQNMF0Xxl1Uvelh53n9v
last-modified: Wed, 18 Oct 2023 08:56:47 GMT
server: AmazonS3
x-amz-cf-pop: SYD1-C1
age: 684975
etag: W/"05d6f056048cdc28c10284bd31bf2c30"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/json
cache-control: max-age=31536000
x-amz-cf-id: bGelHicONUt4lMcIzfNBhIyXfLfBDfpTBFsMA2HTDI_z-fg9Jmm_4A==

GET
H2 200 getuser Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ Frame 4F56 2 KB
1 KB 1011ms
1010ms XHR
application/json 13.35.147.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/getuser?url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation

Requested by

Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/vendors.3ba21c21.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.35.147.72 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-35-147-72.syd1.r.cloudfront.net

Software

Resource Hash

89a9b9d1ef1a244f27375f4877da81b4dea05be4f47a477251f2fde4a65d829e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=Pisi889JmrotC26&hubspot_cookies=[%22f078dde53db70e372b5067512cfcb7b8%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
hubspotCookies: ["f078dde53db70e372b5067512cfcb7b8"]
accept-language: en-AU,en;q=0.9
Authorization: Bearer p2xERwhuLXXni4npvQaI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:52 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
via: 1.1 2d39749f0342007f9798eeb0800f8a0e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C1
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
apigw-requestid: Tj0Tfg4DiYcEJDg=
x-xss-protection: 1; mode=block
etag: W/"787-YFf9OixU8SpI8vIGMOB3IhOQ0xk"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-amz-cf-id: H_yjZr_4NCv9R9tK_K0TFVvVQFf_B4ckYtLU5r8_IWxc0t0EHnFf5w==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 638ms
638ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=af1e717890f3605d16fc823643e05b8c&svisitor=null&visitor=68290741-5bed-4c7a-8c18-d0d06729b5d4&session=b39023b6-344a-48b3-8ff6-7c816b0d2814&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2022%20Feb%202024%2022%3A41%3A51%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2022%20Feb%202024%2022%3A41%3A50%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Reply-to%20address%20is%20not%20always%20what%20it%20seems.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Microsoft%20Reply%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&pageViewId=2311b6ff-9b31-4b24-8900-b9a8450b0f52&an_uid=0&webTagId=e1efa08e-e135-4766-9e10-b54f0663900a&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:52 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 blog-subscription-laptop-icon-2.png
www.avanan.com/hubfs/website/img/blog/ 109 KB
111 KB 27ms
26ms Image
image/webp 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/blog-subscription-laptop-icon-2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

199.60.103.2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbf4d29d3505a4790b827cde56ca8e4e1d03ab709bb9db801f0a4f02c0fcc0e1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-110679711133,FD-11279827778,P-1835778,FLS-ALL
age: 604776
x-amz-request-id: GJ21K6M1Z2P884GW
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110679711133,FD-11279827778,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="blog-subscription-laptop-icon-2.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "8d71f834d25a82123bd27e64ec06b767"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681321816755
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Thu, 22 Feb 2024 22:41:52 GMT
strict-transport-security: max-age=31536000
via: 1.1 db5074d02aa0b9851d4e5d66a6fc3826.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: eGk4cuTrlwYommw7ReeuO26P_osPr7sE
x-amz-cf-pop: LAX50-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=212633
x-cache: RefreshHit from cloudfront
cache-tag: F-110679711133,FD-11279827778,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 112020
x-amz-id-2: 7Aa7+D30To6oXP+x0JNZdwEMPvyWnPYNu2QyXjeWONPra2kQ+TZMwVmT4s+BaITMnJ/0eQEJqNU=
last-modified: Wed, 12 Apr 2023 17:50:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bbcuijHUSg6zk%2FwKsh0c97tNrF2CLm2C%2BhGtaXO9NwUO469WyFXztma%2F3buTDnCkxZ8eOMQtCObAvHga13Kgw1eVmaOF5kf3kRW8qZ930kg090YfYvlOXBfJJH6gWakD"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 859abd2e0fa679cf-SYD
x-amz-cf-id: Ko0cpnp0xjy1s35X4_OIZ1Ma8xDL1cPV4lHgv-dzx9h_KIFpHcn0LA==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 451ms
451ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=af1e717890f3605d16fc823643e05b8c&svisitor=null&visitor=68290741-5bed-4c7a-8c18-d0d06729b5d4&session=b39023b6-344a-48b3-8ff6-7c816b0d2814&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2022%20Feb%202024%2022%3A41%3A52%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2022%20Feb%202024%2022%3A41%3A51%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Reply-to%20address%20is%20not%20always%20what%20it%20seems.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Microsoft%20Reply%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&pageViewId=2311b6ff-9b31-4b24-8900-b9a8450b0f52&an_uid=0&webTagId=e1efa08e-e135-4766-9e10-b54f0663900a&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:53 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 438ms
438ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=af1e717890f3605d16fc823643e05b8c&svisitor=null&visitor=68290741-5bed-4c7a-8c18-d0d06729b5d4&session=b39023b6-344a-48b3-8ff6-7c816b0d2814&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2022%20Feb%202024%2022%3A41%3A53%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2022%20Feb%202024%2022%3A41%3A52%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224006%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Reply-to%20address%20is%20not%20always%20what%20it%20seems.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Microsoft%20Reply%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&pageViewId=2311b6ff-9b31-4b24-8900-b9a8450b0f52&an_uid=0&webTagId=e1efa08e-e135-4766-9e10-b54f0663900a&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:54 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 489ms
489ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=af1e717890f3605d16fc823643e05b8c&svisitor=null&visitor=68290741-5bed-4c7a-8c18-d0d06729b5d4&session=b39023b6-344a-48b3-8ff6-7c816b0d2814&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2022%20Feb%202024%2022%3A41%3A54%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2022%20Feb%202024%2022%3A41%3A53%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225007%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Reply-to%20address%20is%20not%20always%20what%20it%20seems.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Microsoft%20Reply%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&pageViewId=2311b6ff-9b31-4b24-8900-b9a8450b0f52&an_uid=0&webTagId=e1efa08e-e135-4766-9e10-b54f0663900a&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:55 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
54 B 100ms
100ms Ping
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-48VXKGDGCV&gtm=45je42l0v881001595z86871859za200&_p=1708641706727&gcd=13l3l3l3l1&npa=0&dma=0&cid=2138521874.1708641710&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=3&sid=1708641709&sct=1&seg=0&dl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&dt=The%20Microsoft%20Reply%20Attack&en=6si_data_loaded&ep.e_action=6si_company_details&ep.e_label=6si_data_loaded&_et=3&tfd=9300
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-48VXKGDGCV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Feb 2024 22:41:55 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.avanan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 440ms
440ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=af1e717890f3605d16fc823643e05b8c&svisitor=null&visitor=68290741-5bed-4c7a-8c18-d0d06729b5d4&session=b39023b6-344a-48b3-8ff6-7c816b0d2814&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2022%20Feb%202024%2022%3A41%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2022%20Feb%202024%2022%3A41%3A54%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%226009%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Reply-to%20address%20is%20not%20always%20what%20it%20seems.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Microsoft%20Reply%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&pageViewId=2311b6ff-9b31-4b24-8900-b9a8450b0f52&an_uid=0&webTagId=e1efa08e-e135-4766-9e10-b54f0663900a&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date: Thu, 22 Feb 2024 22:41:56 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: d26x5ounzdjojj.cloudfront.net
URL: https://d26x5ounzdjojj.cloudfront.net/tbw/tbw_analytics_v1.0.js?6

Verdicts & Comments Add Verdict or Comment

176 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

39 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.avanan.com/	1970-01-20 18:37:23	Name: __cf_bm Value: y.qtCmHpeuhjaPM.SS2KRlckSybci8ZY3sjd.0f19Pw-1708641706-1.0-AZjXhY0Z+ocAXIhK9u7+jT46y8D4FVPmA0hblxXYrO3XQFayNmb3EPq/vzowqsEu+cj8Q3lAPv3EI+soF1ewoxE=
.www.avanan.com/	1969-12-31 23:59:59	Name: __cfruid Value: d82fa94a98c9bc11d2cda20fbbceb1e121773552-1708641706
.gartner.com/	1970-01-20 18:37:23	Name: __cf_bm Value: piQo_VQbdHWJ_J44wTawAHt3A5ujNBYOhZ51Vbxq43k-1708641707-1.0-AX0fCYoMygGsO2YzftQNDr6fdoqRMZvxum3J7XfbKTe5lu00WfgPsdxwEBbIQAf0omOq6lSTgmFDmYeWLX7r9K4=
.gartner.com/	1969-12-31 23:59:59	Name: _cfuvid Value: nswxBFKwau3XeRxwQAVvuxO.hWc1RAXBuJZLEr3dLco-1708641707079-0.0-604800000
.avanan.com/	1970-01-21 03:22:57	Name: _lfa Value: LF1.1.ff96022f5bd257b1.1708641707394
.hubspot.com/	1970-01-20 18:37:23	Name: __cf_bm Value: PV3_TnsLsDLL0QCh0dPFZCwizZKD3WieeUQzrljeDSI-1708641707-1.0-AVvYgxGEZ+5dclp2rbgIBHSyMnEYUYgQXZutbJ75z3mn5moV6MX2wA8zIYFiX1NeTRVz3ymqKOd5lDtTRNzIYUI=
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: VlPzJAdS8t_WjQK9e.f7YESyGswI5VP283bvkrv5tHU-1708641707955-0.0-604800000
.avanan.com/	1970-01-20 20:46:57	Name: _gcl_au Value: 1.1.439320633.1708641708
.linkedin.com/	1970-01-20 20:46:57	Name: li_sugr Value: 36806ea7-6a62-4290-908b-5e1f485ce051
.linkedin.com/	1970-01-21 03:22:57	Name: bcookie Value: "v=2&4bca880f-5672-4f43-889a-22ed79c06e13"
.linkedin.com/	1970-01-20 18:38:48	Name: lidc Value: "b=TGST06:s=T:r=T:a=T:p=T:g=2829:u=1:x=1:i=1708641709:t=1708728109:v=2:sig=AQHGuitetrMuzFfVLdUyVP5GwY9bnvdT"
.linkedin.com/	1970-01-20 19:20:33	Name: UserMatchHistory Value: AQLDe_54zJieAAAAAY3S-2zx93n-8LpJU_kgv_JsEWc2ub-pNXo-YgzJSfz8TbroF3bJ3-UXdu3NgA
.linkedin.com/	1970-01-20 19:20:33	Name: AnalyticsSyncHistory Value: AQJMOnlCt53oEQAAAY3S-2zxTTSgR56RqYZNAxLj9oI_qJM_sjuDPoFEklBhbr1habzIhIy1oBTwJLFMZ338ng
.www.linkedin.com/	1970-01-21 03:22:57	Name: bscookie Value: "v=1&20240222224149166d4f06-a7f1-4395-84d5-da0563eee2b9AQHmWyxjBK3K1xtCvzF-NmY9w2_ZhVAF"
www.avanan.com/	1970-01-21 04:13:21	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Fri+Feb+23+2024+06%3A41%3A49+GMT%2B0800+(Australian+Western+Standard+Time)&version=202308.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=aff7ba76-42f3-4197-b0c6-53eb52fd77cf&interactionCount=0&landingPath=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg%26utm_content%3D293972812%26utm_source%3Dhs_automation&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1
.avanan.com/	1970-01-21 03:22:57	Name: _hjSessionUser_2523353 Value: eyJpZCI6IjQzN2I1MGQ5LTcxMjItNTczZi05OGVjLTcwYmM2ZDBjZTU5MyIsImNyZWF0ZWQiOjE3MDg2NDE3MDk4MDEsImV4aXN0aW5nIjpmYWxzZX0=
.avanan.com/	1970-01-20 18:37:23	Name: _hjSession_2523353 Value: eyJpZCI6ImVmZDliYjViLTk4NjgtNDFjNS04M2EwLTFmZGYxYzg1OTYxZiIsImMiOjE3MDg2NDE3MDk4MDIsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.avanan.com/	1970-01-21 04:13:21	Name: _ga Value: GA1.1.2138521874.1708641710
www.avanan.com/	1970-01-21 04:13:21	Name: _gd_visitor Value: 68290741-5bed-4c7a-8c18-d0d06729b5d4
www.avanan.com/	1970-01-20 18:37:36	Name: _gd_session Value: b39023b6-344a-48b3-8ff6-7c816b0d2814
.techtarget.com/	1970-01-20 18:37:23	Name: __cf_bm Value: Ylv1VPaWdW6HmPq6naYTCZ_jlU.0RTSs.PbezjFr00A-1708641709-1.0-AXdKPk/iKZeIjl5bCMlMgKLgf634cX/OCcaDTAqmWUG1k8Sfwj85lhLsDTbZjTPd96uhHzlgR6/izN9EX+EPjpA=
.adnxs.com/	1970-01-21 04:13:21	Name: receive-cookie-deprecation Value: 1
www.avanan.com/	1970-01-20 18:47:26	Name: _an_uid Value: 0
.avanan.com/	1970-01-20 18:38:48	Name: _uetsid Value: 9140ad70d1d311ee9c416323f6708f65
.avanan.com/	1970-01-21 03:58:57	Name: _uetvid Value: 9140e440d1d311eebf98ddf5dcab09e4
.influ2.com/	1970-01-21 03:22:57	Name: R Value: 47a0a897f79f7a15517c9f2
.avanan.com/	1970-01-20 20:46:57	Name: _fbp Value: fb.1.1708641710059.1329093711
.doubleclick.net/	1970-01-20 18:37:22	Name: test_cookie Value: CheckForPermission
.bing.com/	1970-01-21 03:58:57	Name: MUID Value: 27A0E2C81AC068B832B9F6E51B3A696E
.bat.bing.com/	1970-01-20 18:47:26	Name: MR Value: 0
tracking.g2crowd.com/	1970-01-20 18:57:31	Name: _session_id Value: 0859fcd7f9139f413d3b840d84df7476
.g2crowd.com/	1970-01-20 18:37:23	Name: __cf_bm Value: eBPrY1QymgTawm.2F9p_.DIlgqBmcBxXx2ikzrgERok-1708641710-1.0-AToc2JMnPxq8n6R43lwicl0Wov5sXtPlQVB2wjvh7JTb0E//bmjkiIXzQKKiCAqCI5UlOzLyNErkL0CZz2vguBg=
.6sc.co/	1970-01-21 04:13:21	Name: 6suuid Value: 8c492f17cf330100aecdd765cd0100000dfb3a00
.avanan.com/	1970-01-21 04:13:21	Name: _ga_48VXKGDGCV Value: GS1.1.1708641709.1.0.1708641710.59.0.0
.avanan.com/	1970-01-20 22:56:33	Name: __hstc Value: 23485541.f078dde53db70e372b5067512cfcb7b8.1708641710687.1708641710687.1708641710687.1
.avanan.com/	1970-01-20 22:56:33	Name: hubspotutk Value: f078dde53db70e372b5067512cfcb7b8
.avanan.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.avanan.com/	1970-01-20 18:37:23	Name: __hssc Value: 23485541.1.1708641710687
.avanan.com/	1970-01-21 04:13:21	Name: insent-user-id Value: WwdQLd2iL6BgY4Piu1708641711638

89 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation(Line 2254) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation(Line 2254) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation(Line 2254) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation(Line 2254) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://d26x5ounzdjojj.cloudfront.net/tbw/tbw_analytics_v1.0.js?6 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/1936026250043111?v=2.9.147&r=stable&domain=www.avanan.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100(Line 95) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://vidassets.terminus.services/f3f76756-1d1f-4392-b34d-e3ac799fbf5d/t.js Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-9DuuNVdSCvlylymOuaTImnhqvYlmkrvlrLynyDGG0NBPahsFLXeJoVKNLtsHuATd3m1zo5i3halbd2AzjBvlFw_pI2DZhwEcW9sQoQcjXMNTHa_Tg&utm_content=293972812&utm_source=hs_automation Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
api.hubapi.com
app.hubspot.com
b.6sc.co
bat.bing.com
bf28149orj.bf.dynatrace.com
c.6sc.co
cdn.cookielaw.org
cdn2.hubspot.net
cdnjs.cloudflare.com
checkpointsoftwaretechnologiesincavanan.widget.insent.ai
connect.facebook.net
ct.capterra.com
cta-service-cms2.hubspot.com
d10lpsik1i8c69.cloudfront.net
d26x5ounzdjojj.cloudfront.net
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
geolocation.onetrust.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscta.net
js.hsleadflows.net
js.pusher.com
lftracker.leadfeeder.com
lh3.googleusercontent.com
lh5.googleusercontent.com
no-cache.hubspot.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
reviews.static.gartner.com
script.hotjar.com
secure.adnxs.com
settings.luckyorange.net
snap.licdn.com
static.hotjar.com
static.hsappstatic.net
static.xx.fbcdn.net
stats.g.doubleclick.net
syndication.twitter.com
t.influ2.com
tr.lfeeder.com
track.hubspot.com
tracking.g2crowd.com
trk.techtarget.com
use.fontawesome.com
vidassets.terminus.services
www.avanan.com
www.facebook.com
www.gartner.com
www.google.com
www.google.com.au
www.googletagmanager.com
www.influ2.com
www.linkedin.com
d26x5ounzdjojj.cloudfront.net
103.43.89.4
104.16.111.209
104.16.78.186
104.17.203.204
104.17.229.163
104.17.25.14
104.18.122.12
104.18.131.236
104.18.176.93
104.18.192.125
104.18.212.51
104.18.34.221
104.19.154.83
104.19.155.83
104.244.42.72
104.26.11.16
104.99.59.34
13.107.21.200
13.107.42.14
13.224.181.26
13.248.142.121
13.35.147.72
13.35.148.17
13.35.149.62
142.250.204.4
142.250.66.225
142.250.71.72
142.250.76.106
142.250.76.99
142.251.175.155
142.251.221.66
142.251.221.67
157.240.7.26
157.240.7.35
172.64.144.225
172.64.151.60
172.64.153.27
172.64.155.119
172.64.206.38
18.67.111.40
18.67.111.57
18.67.111.90
192.229.237.25
199.60.103.2
216.239.32.181
23.47.73.144
34.107.254.219
34.111.208.231
34.117.110.211
44.205.222.73
54.156.208.110
65.8.161.52
015b0ab9fa40e735166ee14dd2c9ab61e3ce7d1f2e58195a0a36e7492cb2627e
03817f3f6505178f6f24ef977ac8cd844ba3427f0353759e41bea905c565020a
057d87ec0edbdb5fe7d60d32da4c3abfe1dc2e6a0aacd6543a5e9dabb7bbd21b
05c580da7227f1f1038b071466c09ff25dfaa681d82e4a71ed58beadf63e8670
081d08f71fb7a07fd5247ce2d20af91a41899fd4ee1b129c18fedf8a04b5bbae
08deb5fb8e8a49d3e598cab0f6c178154648cd6234894569a0987812b19475f3
0aa01d0497c7250fed318f15d0058b8fc5ee5efa889142bf0e0636bd9c887f2d
0b0a210e89ac35b54a9b4ccb0336ea91c561e6dc5f8bda49574da98d40799c6e
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0c5109ab0fecc5ef21cc3eddf9e5e66741feb3c03a08c0c5d12a153bffe56a4d
0d4d2b0e9ec6cec79ac7c036324273f238d129f005b6a201b3439dd2c25f70de
0e04153b5f73bfa7866948f2a9870593d69bfde14e77a1a06af5f567096e5a09
119f872a3cdeba6cf0d204544fe4b9b947d21b6680c162b9c5229266ff7d69b1
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
22b95f2e160d8ec135358ce824808f0fe21b7f4dbc59ade7cc46bba981244990
22cecf5526a9a6a3c3d49dea18b28fd902a5a2bec155a04a7c21bb654b9ec0c9
24a3a9ccca4cde6a90f28a96467b83fcc8e8b02ae532b85c46d45514e98c9dc9
250673d761949bf109912fa31aa6c6d7475c3bfddc64916c86bdd2f890edb9a6
25cbb25cc5350aa8e6257af038a80a00505335ac9448dab989aa4ec34db00bc0
2625d7bbfa42707e54c3acce1ea1ac20354f6b39f9ca0926a1d1ccc75557c921
265dc9381f2b760551a12eb31f4bbc194ea6609b90fd79a59fc53cb0e1210146
2930e024fce54205f053de089088a6f915f8c7d074d7f1b484621a73033a1d95
2b8de7b148c02f4f47b6c99b9be50f96c6eb57e16d3e5a2cf9b2d4676309f816
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
2ece63665d1c156d538ab3ab54b1239af56ceaa6d199d26580c877fefea8688d
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
320f88c7a9672864d92d9369cde081ba7c6e9a27cd0592755b011be432373882
327f498e13e0a8166699d8d770f3806775c2707dd893d18f0139b84b0b9d8576
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1
3636e8810aa8b16828af450174251147977372f0201e77d464c719f110b0924f
38de6bc8c2c8a9406f81c95c8cf7e192ecf20c0d5de9afa0b83ede7954743120
3bcd801e66d936fdc74236dc2a9240dd7e4716a587a48e20af4c46a48ebdbaf8
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3eb73cc89830d3824b5c588849b29a5d4bad5b71108ba60e17bad3e6276dd5f7
4212a717b8d61a5ee679e86faef6b912c275aac5508f97350dac01bede075100
426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007
450e19b5476bc3139c1fcd08e628452998b5b36d2f52528cc2ecab3b6c5a88d1
45396b8359112c614d4aab3fcb716deaabc47e477078f675d7bf69f5791c8f53
46891f1a0d9fc55b4650e10dbdc598a5269f19fdbd69305f8b8d1cd360b49f8d
49c8d692cb67ec3cc5b35e839c50c5c9eea05fe3ce82894eb02d22240554a0aa
4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281
4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589
4eed62e19ef261a18dade30aac09258399bbead589a04d061bce834f0d5a2bcd
4f8d073e4b787ae9e193940f40abf70a31f7652a2804ead2574658aba03fc484
54ff1ebf4247ecd1fdefdd027b695c8eca043b8987861f9edd37fee6ccceb2ef
56f9c5f99829774d0b2fbdcfd9750b617127e913afa0569afef6dfa22165659e
5a6284f5e68fe70bb17c9aecb532fdb513b37ec0096d21e9a7231fbcfeda6794
5be2dfa172d505acb197760b55c4731347cc239a7a046013c251948bb8214dbc
5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f
5e3cdaac351e33cc529cdb65d135fd74ed31ea5bcbb487e64b61696e75aaf41b
5f36029a474eb990cfc775680cfdc025868f33303525fe58e86dc12c3fda489f
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
605ade5eddc1740b39bfc81140b42945008049c00f8971b692c913673a824524
626e534b9a811f60a8aa88e463a0ffa75ea4d8ba7510ed6a15c267becf680394
634cd6856c830752abf4b33133617045f344d5713d8fa567269172ed76d1cac3
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ae97f7ef9c6f88155219e9944e0795d6c26107c59f29e07f33073051a6877e8
6cb6821219dae9fa9a21519d86d7ec7acaf0c4dd61463eb336eb92964feebef3
6f31215a00102af8f170ae267d336423808e3c803571bf030589c059f2a02604
6fbecdde63cefbeb511fc193ff653cf649ce9a2a9a120316d40f20b809afb647
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18
71577fb46a22fa031506bab9c5ddb4640e38ef10a1b4959a11288b41ce4b0757
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
7a2f15820ffe7ec552c256f18b8cd6485618d23a5648f535992e5c6928a542b7
7a82df3611c2166b9b9e824830c57bc09ef40860b9dc83fb2897b9a2a3ab0b98
7b13825f4daba8d0a18692693b4090e5843c200b0bbcc03821a8e4dca3d25cc1
7b4c6df43d8be2860c107af980f4ae9c27dea1b14e0112921c3aef511bb29b07
7b84d0c350cc891e35015f8befd4edd064b4c72fdc88e6af291baf07f8d344a3
7cfe2988dd0e1d6bcc63e394d2818003d0a121a5a8de88a6ba8caf91dbc48c96
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7de470eb749b68a909379ee3bef2073c96c0a5f8f0df1b2f56a699cf2a4742d2
8150a6e66442996f64560b128d0effe532ed5eabdf0a8c6176c8c4e8ed502e6f
844208d3f740c48ca14df4373b0d232cb9e81f3934b53114833ca717b03a90f5
85a162ca3f2e655d1a0eaaa3c8cb5752a92d200c33ead178664eaa63459ed834
87d6c8ca2c4746ba9c42bd4b56b9f8dcb23dc4f4c8a5e338039a915eddbb4cfb
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984
89a9b9d1ef1a244f27375f4877da81b4dea05be4f47a477251f2fde4a65d829e
8bfb6389f80ddd586b66a540370f89f40e7eb39d388e8d9410f57caa732dc5cd
8c1781ec4483c6fb3bd9ad005d312800eaf24e232c12976624bff84f8ab908b3
8c31f9221454873de9c5bc222c2b5c97f216d3b21b0a3589f77f49fbcacf4a0d
8d864aaf8c3bbd62ae3be25f19d2fc1e6eb5218f6e7e251dc7a23fdc8c9648d4
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8db6523b53a9d6351f059b8bf2aa5c7fabf1bdf37f76e0c312a2660de013b95d
8deb475ac50713a43d3cf93fb2579f1badda5b9dee5704850b032f0f25564895
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
8ec44a4b321f5115d8760f193298585d8b28a26dd3190d0a3690b9e09a489a94
8f5e5317b735aff8f73f533370d1731ec22917604d86d88c304ba59ca7a291eb
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
90798df68ecbb59920e7c732d62d6a15b436a2726c15b9fa0d44163fc1e721a7
913ed8aaed6f69aafcaa8c67abe8add9dca92d9d016aae079cc8a8a5da4b16b6
92544ed57b172f513a507fe6d3e09d763bc23c413e47d110d8dc03ef896490dd
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
93c8eb3bb26d39669934d7784b86df347db45894a88416d5d84a1ca57efe093b
94b9164549fba805d07a371447577e77ca7d335fb19f9eaf978209851969cf08
94c3d0f52cee1217895c22a7a35b5f7b855fb495709822159a471811575738da
97152508df33871d78e6d8595480ac6c5cf8f2feb1fc1ef7fd2ef7a0517810c7
9f23b284e0eb665f61e76b6d0a3c8216f430288697e89ff45bf3ef1a2f48a7b9
a0eb564e8b104002217b23d191c384d64d77b30fa37b0f124db645e16096cfd3
a28a88a058bb32f3fff988c31380f2392939d9c4d1bf38b32f531969a02a33de
a62430c1506f9d9ecc0bca9ffa39a073d5148f07be4aa54ed4532f9650caf56a
a87eea0ed4667d6241611511e68dce431477cbd9a06c9482b01323d6a0b972f9
a88f274133df7cd377eaaf7a2ac91cac584671004d8fcfc06cf9ff723c1f689a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad66b40ac6fb0451baa6f252864ee213eb292767fe47d1cfc08656ba5b64e1c4
b057f4707a4e3bbf69647a669ebc4dbf35a9b5b25864b5fc63162e71f58621c8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b521cf21eb734ff6b687aef8f56b3ab1be44709262716e6817b1898bbc2b986d
b59a0404929cf4a3ad1cbd9c2ffaaff3f8c2e838a70867c1de2dfddc5a2b2f91
bc19bb0f8a32439be8acf92004cd921b46ba6caa528dd8a4cb1875fe5761c64e
bf6f2ddd3a93cfc831316931e733e85bfa4d344c33398e6c32115761bec7ba69
c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8
c2f85bc03d72fdd58ac7fb2cb580914b4679bcf8c99533ba20743ee73d0e28ce
c60a1c9a37989557aed8884899ddec28096d9624f4b43c602f9b335ae1db25cf
cab0bd7418905a8b7ac2510a8708b4bcb01af80459e20265582d4d96ae931c06
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cefa070557861023a0cdcd01ac9b84d8212be8ab4461d82b051e5211edce1723
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
cf53806c2a4cef2c89a8502411683c83162fe73859d7d24244259e7e793df68a
d1293e49980295cf15720f2cf52f79a1d255fea0b43ed99107de375e6bb2cc9e
d3ec94bf5645a3624317a4cc3015ae9afb7ac1120806c3f576f4b55120c7b352
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
d7b88f6ac1ab16f64fbef6c112cf90ec87b9ec392707cc68a0c24f4d79cab007
d9f69c562fa39d1b002af05da1c6b99247e69c14a48e67b35d8a8b0efd739128
dad13fc8c9cbaf0489bcbf38bdf2fa7ed610b9ec06a53b9052636fdf56d57435
db7d4517c08bd45d9c379997b693687663a2471c927810bdcac5a8772c68e741
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcb085ad0fca889c4a1b898ccc7458c5d586e5740e7b7bffe065ac6a5e247ada
dcc39642039ac0d3dbe755213191c648cbf4efe525547c4693661aa24d3587a6
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd9a35f5f9c1d5cf113f589c9e65acd08a98fea0ed44b28ddca8b5490806f8d3
ddd0af87d02bf88046acaf36141538c4852763b37b99ad5ea41ab6b07829818f
deb3d40a52e939dc606cacea278753f149b56d19b6619994069659687e3a7728
defe8bdd321daa5f879a3ce5ae929266c7f8c79b87539e2bf148291f7a5fb5f4
e3640c9e176b212640e5d1ba0e522d80ebe382b5a18fc55ae4f7be28d1b138be
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6713fb9ddf25585f97a9c877f75edbb8b2c0d0691c1402fe85c145a9098527d
e864c75ed847605431470f3724181592e861488f21976d8bedb14c6ca5b9b141
e94bb9eafa09b4181f7208f1466552561329b27bc870ea785be1fbbeb32661d8
e9841d9258210b13f0870a80d02ce8f3224c8798d1c0d618f210a573ce96038e
ee064ca527d2ca2030e6268d423f842c6f7d5e4979f1623f420eba57675e648c
ee39d0cbc9e9cd88b7dac8ebca680b89e8879081f855152f21772c7834474437
ef072b9ae1b3c29f94781c86bcdfdb71c1e06bbc7a2f05bc65dcfa2eefdde02c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f268614e7be44fc18dbfa5350bfeea8539258da4830ef728c56e05bf62f46b57
f2f9010ae4eb4663251dce8d71ebc52c4e9ca3ae734e1d9eb65924c71410b1b0
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f54ad99ac9b8bf0271cc6d19132826863aa3dc7077b4d5c586f99c46130efb30
f75e7361bbcda225d800dd06644f99253ae2cf5ab6a0e47ff7967474e7afb4a6
f7a1550feb7e44d73ddb4614ece52c21bb3794b1f75fba973d238a0a9c1ae10d
fad7f3075c75555a19dd023c2317550688e7dd5be59b37cf12b6188cc9917a7b
fbf4d29d3505a4790b827cde56ca8e4e1d03ab709bb9db801f0a4f02c0fcc0e1
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fd6aef7e70901bd5018e23bf8f366b1363e27c9263a2e058df2ca725cf81aab5
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe1d77182f48fdeb7d27527565f4c8d2b598af1077cbc5aa5add9fa6adc10245
fe5f4af17be162aaf3e1dadbc08fe06e678c87620a221b3fef8e2ca7a779986d
ff4e0b144f55e6bf1ac619baad9714973a381bc5c106e2cf62543d8d671f9c19

www.avanan.com Open in urlscan Pro 199.60.103.2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

195 Requests

98 %HTTPS

0 %IPv6

46 Domains

64 Subdomains

53 IPs

4 Countries

5153 kBTransfer

12382 kBSize

39 Cookies

30 Outgoing links

Page URL History

Redirected requests

195 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.avanan.com Open in urlscan Pro
199.60.103.2 Public Scan

Screenshot
Live screenshot

Full Image

195
Requests

98 %
HTTPS

0 %
IPv6

46
Domains

64
Subdomains

53
IPs

4
Countries

5153 kB
Transfer

12382 kB
Size

39
Cookies

195 HTTP transactions
3 data transactions