www.mitiga.io Open in urlscan Pro
34.253.101.190  Public Scan

5 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 44

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3477394&time=1685087334301&url=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365 HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3477394&time=1685087334301&url=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3477394%26time%3D1685087334301%26url%3Dhttps%253A%252F%252Fwww.mitiga.io%252Fblog%252Fadvanced-bec-scam-campaign-targeting-executives-on-o365%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3477394&time=1685087334301&url=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3477394&time=1685087334301&url=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&cookiesTest=true&liSync=true&e_ipv6=AQIrBYJfnPAO_gAAAYhXCDH5F1n2X_QHFbnTbvw92jOlJxD6pb8YiMGngaOuFzUVo50

Request Chain 52

• https://www.googleadservices.com/pagead/conversion/10819272131/wcm?cc=ZZ&dn=18885984654&cl=ovefCNTp1pEDEMP7g6co&ct_eid=2 HTTP 302
• https://www.google.co.uk/pagead/attribution/wcm?cc=ZZ&dn=18885984654&cl=ovefCNTp1pEDEMP7g6co

Request Chain 56

• https://www.googleadservices.com/pagead/conversion/10819272131/wcm?cc=ZZ&dn=442039741616&cl=NZlgCPbmzZEDEMP7g6co&ct_eid=2 HTTP 302
• https://www.google.co.uk/pagead/attribution/wcm?cc=ZZ&dn=442039741616&cl=NZlgCPbmzZEDEMP7g6co

Request Chain 57

• https://www.googleadservices.com/pagead/conversion/10819272131/wcm?cc=ZZ&dn=97239786654&cl=_l1eCOvzzZEDEMP7g6co&ct_eid=2 HTTP 302
• https://www.google.co.uk/pagead/attribution/wcm?cc=ZZ&dn=97239786654&cl=_l1eCOvzzZEDEMP7g6co

59 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request advanced-bec-scam-campaign-targeting-executives-on-o365 Show response www.mitiga.io/blog/	34 KB 11 KB	252ms 84ms	Document text/html	34.253.101.190 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 34.253.101.190 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-253-101-190.eu-west-1.compute.amazonaws.com Software / Resource Hash b3a6453de7e2cf80aee732be72db51321320e51951d405b62b9ca5f834218bd3 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Frame-Options SAMEORIGIN Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers accept-ranges bytes age 5022 content-encoding gzip content-length 11259 content-security-policy frame-ancestors 'self' content-type text/html date Fri, 26 May 2023 07:48:52 GMT vary Accept-Encoding,x-wf-forwarded-proto x-cache HIT, HIT x-cache-hits 2, 1 x-cluster-name eu-west-1-prod-edge-blue x-frame-options SAMEORIGIN x-lambda-id 8415ff61-cb89-4330-a14d-42925027a054 x-served-by cache-iad-kjyo7100091-IAD, cache-dub4329-DUB x-timer S1685087333.951474,VS0,VE1
GET H2	200	mitiga.webflow.869a989cb.min.css uploads-ssl.webflow.com/616f053802514ab652c54cc2/css/	284 KB 52 KB	164ms 55ms	Stylesheet text/css	18.66.112.105 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://uploads-ssl.webflow.com/616f053802514ab652c54cc2/css/mitiga.webflow.869a989cb.min.css Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-105.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 38b58c5526904149d0598c5a17c738560a1ae38183ffcc17b5d024a34d9d4259 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 05:47:02 GMT content-encoding gzip via 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront) x-amz-version-id j6YbGCWGiS4LZI8mBgLGeNiKY9P9bycN age 7312 x-amz-cf-pop FRA56-P5 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 52320 last-modified Fri, 26 May 2023 02:10:23 GMT server AmazonS3 etag "7488fb9d5c6bf4ab6d7491a36c21d589" content-type text/css access-control-allow-origin * cache-control max-age=84600, must-revalidate accept-ranges bytes x-amz-cf-id fkHeN6VU5N_y_oS_Z4WroVCl1LiFqvLtyhA06wL2NoEKFS1RD4jSSA==
GET H2	200	webfont.js Show response ajax.googleapis.com/ajax/libs/webfont/1.6.26/	13 KB 6 KB	140ms 42ms	Script text/javascript	2a00:1450:4001:80b::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Thu, 25 May 2023 23:10:23 GMT content-encoding gzip x-content-type-options nosniff age 31110 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 5437 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Fri, 24 May 2024 23:10:23 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	170 KB 62 KB	180ms 66ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-209447843-1 Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 2a112564c7c69964c8f3ea3973a06b06ac0936eb87997ff8c973e6326b7670b7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 07:48:53 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 63755 x-xss-protection 0 last-modified Fri, 26 May 2023 06:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 26 May 2023 07:48:53 GMT
GET H2	200	fs-cc.js Show response cdn.jsdelivr.net/npm/@finsweet/cookie-consent@1/	28 KB 11 KB	89ms 25ms	Script application/javascript	2a04:4e42:400::485 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/@finsweet/cookie-consent@1/fs-cc.js Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 944b0d2a66fd7c253cb0c368dc1c6b802ecf1ea2b6f1b05b865400fcf57fc445 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload date Fri, 26 May 2023 07:48:53 GMT x-content-type-options nosniff content-encoding br age 20004 x-jsd-version 1.11.0 x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 10384 x-served-by cache-fra-eddf8230135-FRA, cache-man4137-MAN x-jsd-version-type version etag W/"6e44-6QFWM2OT7puhIxEFAaT+kz8i7w4" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=604800, s-maxage=43200 accept-ranges bytes timing-allow-origin *
GET H2	200	6421b5da1f5e55904d6c97aa_Mitiga_logo_tagline.svg uploads-ssl.webflow.com/616f053802514ab652c54cc2/	13 KB 4 KB	45ms 44ms	Image image/svg+xml	18.66.112.105 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://uploads-ssl.webflow.com/616f053802514ab652c54cc2/6421b5da1f5e55904d6c97aa_Mitiga_logo_tagline.svg Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-105.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 68e07a4ec7b174a5a0b04ba8166c430aa75406f32d888833a9dbbf2f7b42935b Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Mon, 27 Mar 2023 17:30:01 GMT x-amz-version-id KZ5HMYbzFMD1I50PWRWHCawtk_JvwP0v content-encoding gzip via 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront) age 5149133 x-amz-cf-pop FRA56-P5 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront last-modified Mon, 27 Mar 2023 15:27:24 GMT server AmazonS3 etag W/"490826587cba805416fb2feca59f8b2a" vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * cache-control max-age=31536000, must-revalidate x-amz-cf-id wfyJW7o83IA0lBpHHdeGYGaWTRQCLEY5560vQSi_vsClJut7VILl7A==
GET H2	200	forms2.min.js Show response go.mitiga.io/js/forms2/js/	208 KB 69 KB	858ms 203ms	Script application/x-javascript	104.17.70.206 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://go.mitiga.io/js/forms2/js/forms2.min.js Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 07:48:53 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status MISS last-modified Fri, 05 May 2023 17:50:04 GMT server cloudflare etag "16a0f6a-33e51-5faf5eb3b0b00" vary Accept-Encoding content-type application/x-javascript cache-control public, max-age=14400 cf-ray 7cd46b1c6e772196-MAN expires Fri, 26 May 2023 11:48:53 GMT
GET H2	200	616f053802514a2d6dc54d14_Icon-twitter.png uploads-ssl.webflow.com/616f053802514ab652c54cc2/	23 KB 24 KB	49ms 48ms	Image image/png	18.66.112.105 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://uploads-ssl.webflow.com/616f053802514ab652c54cc2/616f053802514a2d6dc54d14_Icon-twitter.png Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-105.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash edbdc30183e1cd7276fca64b2dbbf924ca33be669fb628399eb0e89d4493ff22 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 23 Sep 2022 07:25:09 GMT x-amz-version-id 0KQ14jfV1LgUh_cU5nzu8T3ITOS4.fZO via 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront) age 21169425 x-amz-cf-pop FRA56-P5 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 23951 last-modified Tue, 19 Oct 2021 17:49:46 GMT server AmazonS3 etag "fbf1ffe2c09fefffe7520b28d5b30671" content-type image/png access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes x-amz-cf-id rbdHAMlJRpNQUHbMKKKdLRgc5d7MQcMBuLuBO5W_StPDM6TBVMHZVA==
GET H2	200	616f053802514a630ac54e13_linkedin_icon_200x200_white.png uploads-ssl.webflow.com/616f053802514ab652c54cc2/	2 KB 2 KB	54ms 53ms	Image image/png	18.66.112.105 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://uploads-ssl.webflow.com/616f053802514ab652c54cc2/616f053802514a630ac54e13_linkedin_icon_200x200_white.png Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-105.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash cd21d2cf3182094e584fd287e004e671173705debfb44f83b4878105b93b94a7 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Wed, 09 Nov 2022 17:33:51 GMT x-amz-version-id 2nXOSHzQ5q7xbhig2DD75GtfyUSAfeOf via 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront) age 17072103 x-amz-cf-pop FRA56-P5 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 1599 last-modified Tue, 19 Oct 2021 17:49:49 GMT server AmazonS3 etag "5fd62edaeda95ac5d5b3231bdb71770d" content-type image/png access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes x-amz-cf-id z3wt6QKw7tOo2BirfwtCkgnUABxn8AVDpOWV_37AxbL8EloZWjFXkg==
GET H2	200	jquery-3.5.1.min.dc5e7f18c8.js Show response d3e54v103j8qbb.cloudfront.net/js/	87 KB 30 KB	167ms 54ms	Script application/javascript	52.222.232.144 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=616f053802514ab652c54cc2 Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.222.232.144 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-52-222-232-144.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Request headers Referer https://www.mitiga.io/ Origin https://www.mitiga.io accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 03:51:03 GMT content-encoding br via 1.1 e59bea79ab5f15feda92136bc7b74158.cloudfront.net (CloudFront) age 14282 x-amz-cf-pop FRA56-P4 x-cache Hit from cloudfront last-modified Mon, 20 Jul 2020 17:53:02 GMT server AmazonS3 etag W/"dc5e7f18c8d36ac1d3d4753a87c98d0a" access-control-max-age 3000 access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=84600, must-revalidate vary Accept-Encoding x-amz-cf-id O_wBAFrRHVrLnVwjydHUtVPIZC3K0_tzWsoWAGOIdv5fHkcLPeYI5g==
GET H2	200	webflow.980984e80.js Show response uploads-ssl.webflow.com/616f053802514ab652c54cc2/js/	251 KB 79 KB	57ms 56ms	Script text/javascript	18.66.112.105 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://uploads-ssl.webflow.com/616f053802514ab652c54cc2/js/webflow.980984e80.js Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-105.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 2e98e464d7701b9b3412787414e3924e7f98c5e76f4c0efb47841d6774c13b39 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-amz-version-id mOhaI0L4woLuhCJxazb5.rgp.ZoYG1Nr content-encoding gzip via 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront) date Fri, 26 May 2023 06:14:16 GMT age 5678 x-amz-cf-pop FRA56-P5 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 80061 last-modified Wed, 24 May 2023 01:58:31 GMT server AmazonS3 etag "25ad9ec2448a3df02ed0de5c978bcca8" vary Accept-Encoding content-type text/javascript access-control-allow-origin * cache-control max-age=84600, must-revalidate accept-ranges bytes x-amz-cf-id v32O-8H46X3ytujDA5dzb4efK0EW09pJl0Z5nsKu0hNuqRhhbRi6Cw==
GET H2	200	css fonts.googleapis.com/	73 KB 2 KB	175ms 60ms	Stylesheet text/css	2a00:1450:4001:827::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic%7CSource+Sans+Pro:200,300,regular,italic,600,700,900 Requested by Host: ajax.googleapis.com URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 30849317e22ac7ed334c6980a71261a7e4a0de04b820c70aaf3c2ca95030b4cc Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Fri, 26 May 2023 07:48:53 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 26 May 2023 07:48:53 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 26 May 2023 07:48:53 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	203 KB 73 KB	170ms 57ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-NLXTPLV Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 2607b154fb808de68a99971c04f6e0a4749940f98fb41a74d988b2e1455f9e41 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 07:48:53 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 74686 x-xss-protection 0 last-modified Fri, 26 May 2023 06:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 26 May 2023 07:48:53 GMT
GET H2	200	6304ebd4684aac2c12108469_mask_shutterstock_519663250.jpeg uploads-ssl.webflow.com/616f053802514a246ec54cfc/	3 MB 3 MB	173ms 171ms	Image image/jpeg	18.66.112.105 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://uploads-ssl.webflow.com/616f053802514a246ec54cfc/6304ebd4684aac2c12108469_mask_shutterstock_519663250.jpeg Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-105.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 3305d252e393776c3fe4b0ca725a317136a38826fba51ef4985bec92705314c0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sun, 26 Feb 2023 16:33:27 GMT x-amz-version-id AGPseKz_6cjDppB2rtEZ9fvY0WDp8TJk via 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront) age 7658127 x-amz-cf-pop FRA56-P5 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 2897624 last-modified Tue, 23 Aug 2022 15:01:42 GMT server AmazonS3 etag "917e299e3d2583688ee84bb84cf0816d" content-type image/jpeg access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes x-amz-cf-id QvtoAefELhPnowDbmrvnw9GjtIyXdP9BcjWmAA4xJfsaqDFfkWp4OQ==
GET H2	200	6441c8b9d8e29bc680bfa91b_62acdf24cf548421118cbc4f_FIRSTconf2022-bkg-s02.jpeg uploads-ssl.webflow.com/616f053802514a246ec54cfc/	460 KB 461 KB	86ms 85ms	Image image/jpeg	18.66.112.105 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://uploads-ssl.webflow.com/616f053802514a246ec54cfc/6441c8b9d8e29bc680bfa91b_62acdf24cf548421118cbc4f_FIRSTconf2022-bkg-s02.jpeg Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-105.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash d2004b5e6731f999cc928c1b5be1cbbcdbd62ff7c665281f80189b9b7a15d432 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 02:11:38 GMT x-amz-version-id Od_UQosffg7GOAExdEjVAMBq4vSmuG1b via 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront) age 20236 x-amz-cf-pop FRA56-P5 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 470883 last-modified Thu, 20 Apr 2023 23:20:26 GMT server AmazonS3 etag "a9e67b683408604ef27c2faf643d9195" content-type image/jpeg access-control-allow-origin * cache-control max-age=84600, must-revalidate accept-ranges bytes x-amz-cf-id BQYMeM2sy-OSlNqgtCUuXmFQHWfopOWtgy_6NtQQ2eZfH7GBiGtoRA==
GET H2	200	6441c8b9bb3de31ab9407989_6239f23f3d604b190f5f2269_OktaBreach_headernew.jpeg uploads-ssl.webflow.com/616f053802514a246ec54cfc/	113 KB 114 KB	166ms 165ms	Image image/jpeg	18.66.112.105 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://uploads-ssl.webflow.com/616f053802514a246ec54cfc/6441c8b9bb3de31ab9407989_6239f23f3d604b190f5f2269_OktaBreach_headernew.jpeg Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-105.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash f064936f6917c3f3a944b2f6173b0ea6b6c6ab84fc0d9b5a1703a6b2ea74ddae Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 02:11:38 GMT x-amz-version-id PWMSgzKshxesEFR5YRfZ_Crlcbsynqa6 via 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront) age 20236 x-amz-cf-pop FRA56-P5 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 116170 last-modified Fri, 21 Apr 2023 07:00:22 GMT server AmazonS3 etag "d330a5f2e8c801628698e5d4a5b627ae" content-type image/jpeg access-control-allow-origin * cache-control max-age=84600, must-revalidate accept-ranges bytes x-amz-cf-id 5fFWvdBP1eybgq4dLPlrohI-wcD5ouNMpd5-NdtPeYJ7FO65XvZ57w==
GET H2	200	6441c8b9dfbc2d73cf3b4178_62a79004b289c026566b4f9a_hpHorse.jpeg uploads-ssl.webflow.com/616f053802514a246ec54cfc/	245 KB 246 KB	189ms 189ms	Image image/jpeg	18.66.112.105 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://uploads-ssl.webflow.com/616f053802514a246ec54cfc/6441c8b9dfbc2d73cf3b4178_62a79004b289c026566b4f9a_hpHorse.jpeg Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-105.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 23e8b851369d43fd29b45143c64d494cb8f654e0868a324ee782dc145dcb0148 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 02:11:55 GMT x-amz-version-id Rw7Sxa3IDAAIv5NO_35pUJbmmQfqDFC1 via 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront) age 20219 x-amz-cf-pop FRA56-P5 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 251354 last-modified Thu, 20 Apr 2023 23:20:26 GMT server AmazonS3 etag "92aed9bc168f4a88de7adb4516e18901" content-type image/jpeg access-control-allow-origin * cache-control max-age=84600, must-revalidate accept-ranges bytes x-amz-cf-id JPXf-wwas9Ea2rN5c4qpnrxMx3TfjrHfcoD4P6Jt6IKsxNwDFkQwpQ==
GET DATA	200 OK	truncated /	2 KB 2 KB		Font application/x-font-ttf
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 05dae8fbb96f3675f8b2981e8ead256a0f74ccba053fb08396c9a5fe99c54845 Request headers Referer Origin https://www.mitiga.io accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Content-Type application/x-font-ttf;charset=utf-8
GET H2	200	63052a1885969544dadd36fb_email.png uploads-ssl.webflow.com/616f053802514a246ec54cfc/	40 KB 40 KB	146ms 144ms	Image image/png	18.66.112.105 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://uploads-ssl.webflow.com/616f053802514a246ec54cfc/63052a1885969544dadd36fb_email.png Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-105.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash a3f2acc6e3ab71b13062d254c3cc9b882d5264a73e83ba882ed543f9f8e91bec Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Wed, 03 May 2023 17:14:21 GMT x-amz-version-id pncALSS1y_aOQtilcxxRMoj.IuyYzU1v via 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront) age 1953273 x-amz-cf-pop FRA56-P5 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 40580 last-modified Tue, 23 Aug 2022 19:27:21 GMT server AmazonS3 etag "21689899ba67d9777abf304c38b3c7b1" content-type image/png access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes x-amz-cf-id p9x-Fw3bdM5wKC5HrhtivfH5wwv3ZDZBq_WzofBHG14_uPRcg1YgPg==
GET H2	200	63050150de0939365f06fd11_Picture1.png uploads-ssl.webflow.com/616f053802514a246ec54cfc/	589 KB 590 KB	146ms 144ms	Image image/png	18.66.112.105 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://uploads-ssl.webflow.com/616f053802514a246ec54cfc/63050150de0939365f06fd11_Picture1.png Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-105.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 1d0bf40e8d8d36a5976721db7d27ee84d7c7665ca9e0040e9f37216c1ccb0f9d Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Thu, 11 May 2023 05:07:43 GMT x-amz-version-id gWtbtLShnoPAorWnkr6w6q7yEW2qoyj5 via 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront) age 1305670 x-amz-cf-pop FRA56-P5 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 602793 last-modified Tue, 23 Aug 2022 16:33:21 GMT server AmazonS3 etag "eebf5d939c3f5e515a51361b40171106" content-type image/png access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes x-amz-cf-id FIemTVHQgRNj99xJCLOXMIRXLskJWr-DrEiB3YfTH7YnuvbXLyQkiA==
GET H2	200	6305018c62a1a1692fbeb398_2.png uploads-ssl.webflow.com/616f053802514a246ec54cfc/	105 KB 106 KB	146ms 144ms	Image image/png	18.66.112.105 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://uploads-ssl.webflow.com/616f053802514a246ec54cfc/6305018c62a1a1692fbeb398_2.png Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-105.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash c83c19a0becc3ee3f7b097874674703844d064dd142e623b83be355c0503d1d5 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Thu, 04 May 2023 18:09:21 GMT x-amz-version-id dJNOUmYoRE0x1D1BUkHmicz0Lv4L.FKe via 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront) age 1863573 x-amz-cf-pop FRA56-P5 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 108004 last-modified Tue, 23 Aug 2022 16:34:21 GMT server AmazonS3 etag "e064bdd83ad490bc7a7c93743b1d5ed8" content-type image/png access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes x-amz-cf-id DNqbV2pLba-ljwQXHJvm5QszllxbJVfh13uZJEpaLJG2KEEY5kpusQ==
GET H2	200	630501dc4b419b8be07e5856_3.png uploads-ssl.webflow.com/616f053802514a246ec54cfc/	68 KB 68 KB	146ms 145ms	Image image/png	18.66.112.105 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://uploads-ssl.webflow.com/616f053802514a246ec54cfc/630501dc4b419b8be07e5856_3.png Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.112.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-112-105.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 298de32c358fbdcf8cc819f5ce834c2a406514cd1dd7dfeb9baa63cbdd981fe2 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Wed, 03 May 2023 17:14:21 GMT x-amz-version-id lR8uun9tn.IomIlMbwORNEPiCs_aWbf1 via 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront) age 1953273 x-amz-cf-pop FRA56-P5 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 69388 last-modified Tue, 23 Aug 2022 16:35:41 GMT server AmazonS3 etag "844b9d7fd758ee29e14b5cab42f052f7" content-type image/png access-control-allow-origin * cache-control max-age=31536000, must-revalidate accept-ranges bytes x-amz-cf-id 8WwUUfu96iPVTjhkyUjbyG9TnKiz6zHRHyG8LeirtjOoaroCpSvyKQ==
GET H2	200	JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 fonts.gstatic.com/s/montserrat/v25/	30 KB 30 KB	349ms 219ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic%7CSource+Sans+Pro:200,300,regular,italic,600,700,900 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.mitiga.io accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 20 May 2023 14:34:09 GMT x-content-type-options nosniff age 494084 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 30928 x-xss-protection 0 last-modified Mon, 11 Jul 2022 18:57:39 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 19 May 2024 14:34:09 GMT
GET H2	200	JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2 fonts.gstatic.com/s/montserrat/v25/	31 KB 31 KB	310ms 180ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/montserrat/v25/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic%7CSource+Sans+Pro:200,300,regular,italic,600,700,900 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 33befdbbb24930584f5ac94ea3117adcd56518f20ab1619d05de83ffd1821d38 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.mitiga.io accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Wed, 24 May 2023 01:47:07 GMT x-content-type-options nosniff age 194506 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31760 x-xss-protection 0 last-modified Mon, 11 Jul 2022 18:54:16 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Thu, 23 May 2024 01:47:07 GMT
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 fonts.gstatic.com/s/opensans/v35/	47 KB 48 KB	192ms 63ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic%7CSource+Sans+Pro:200,300,regular,italic,600,700,900 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.mitiga.io accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 20 May 2023 00:21:44 GMT x-content-type-options nosniff age 545229 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 48412 x-xss-protection 0 last-modified Tue, 02 May 2023 15:08:53 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 19 May 2024 00:21:44 GMT
GET H2	200	memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 fonts.gstatic.com/s/opensans/v35/	49 KB 49 KB	388ms 259ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v35/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic%7CSource+Sans+Pro:200,300,regular,italic,600,700,900 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3642c7e774562f7483d7b0de93dd1759fc6928e85eebd7e62ddae72e9d46c9cb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.mitiga.io accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 20 May 2023 12:23:10 GMT x-content-type-options nosniff age 501943 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 50440 x-xss-protection 0 last-modified Tue, 02 May 2023 15:13:42 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 19 May 2024 12:23:10 GMT
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3i94_wlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v21/	12 KB 12 KB	370ms 242ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_wlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic%7CSource+Sans+Pro:200,300,regular,italic,600,700,900 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 570fccbb23e47f3f48767d3b6199198988328bac118fd6933def8f5fb4478472 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.mitiga.io accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 02:38:21 GMT x-content-type-options nosniff age 18632 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 12680 x-xss-protection 0 last-modified Wed, 27 Apr 2022 16:05:50 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 25 May 2024 02:38:21 GMT
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v21/	13 KB 13 KB	384ms 256ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic%7CSource+Sans+Pro:200,300,regular,italic,600,700,900 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 122854df4f39cf922db317714c2ff0eccab27a1028c14a5aa2211f48b7e0eade Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.mitiga.io accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Wed, 24 May 2023 00:20:55 GMT x-content-type-options nosniff age 199678 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 12956 x-xss-protection 0 last-modified Wed, 27 Apr 2022 16:54:52 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Thu, 23 May 2024 00:20:55 GMT
GET H2	200	6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 fonts.gstatic.com/s/sourcesanspro/v21/	13 KB 13 KB	307ms 179ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic%7CSource+Sans+Pro:200,300,regular,italic,600,700,900 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.mitiga.io accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Thu, 25 May 2023 17:12:56 GMT x-content-type-options nosniff age 52557 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13036 x-xss-protection 0 last-modified Wed, 27 Apr 2022 16:04:42 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Fri, 24 May 2024 17:12:56 GMT
GET H2	200	6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2 fonts.gstatic.com/s/sourcesanspro/v21/	12 KB 12 KB	385ms 257ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v21/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic%7CSource+Sans+Pro:200,300,regular,italic,600,700,900 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e286a9ef7d2064a4cf7026449941a557c7123aa84ef2a17cf79a38820f5474bc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.mitiga.io accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 20 May 2023 15:00:51 GMT x-content-type-options nosniff age 492482 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 12580 x-xss-protection 0 last-modified Wed, 27 Apr 2022 16:19:48 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 19 May 2024 15:00:51 GMT
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v21/	13 KB 13 KB	345ms 217ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic%7CSource+Sans+Pro:200,300,regular,italic,600,700,900 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.mitiga.io accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 03:23:58 GMT x-content-type-options nosniff age 15895 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13052 x-xss-protection 0 last-modified Wed, 27 Apr 2022 16:09:03 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 25 May 2024 03:23:58 GMT
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v21/	13 KB 13 KB	372ms 244ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic%7CSource+Sans+Pro:200,300,regular,italic,600,700,900 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.mitiga.io accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 20 May 2023 23:02:35 GMT x-content-type-options nosniff age 463578 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 12924 x-xss-protection 0 last-modified Wed, 27 Apr 2022 16:02:31 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 19 May 2024 23:02:35 GMT
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v21/	12 KB 12 KB	328ms 200ms	Font font/woff2	2a00:1450:4001:811::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic%7CSource+Sans+Pro:200,300,regular,italic,600,700,900 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 080e18a8c761c3d30b7ec08aa65f87109a0228367eafd0a12fcefda58d10e8ad Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.mitiga.io accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Sat, 20 May 2023 05:19:25 GMT x-content-type-options nosniff age 527368 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 12408 x-xss-protection 0 last-modified Wed, 27 Apr 2022 16:54:54 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 19 May 2024 05:19:25 GMT
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	13 KB 5 KB	162ms 50ms	Script application/x-javascript	2a02:26f0:3500:16::215:148d AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXTPLV Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 07:48:53 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 10 Jan 2023 17:22:56 GMT x-cdn AKAM vary Accept-Encoding content-type application/x-javascript;charset=utf-8 cache-control max-age=69336 accept-ranges bytes content-length 4777
GET H2	200	loader.js Show response www.gstatic.com/wcm/	3 KB 2 KB	161ms 49ms	Script text/javascript	2a00:1450:4001:80e::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/wcm/loader.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXTPLV Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 9f959aaad80347edc26ed8279c6a68c098efc76876ac2e2f8ccc54b118f197f4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 07:17:07 GMT content-encoding br x-content-type-options nosniff age 1906 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1339 x-xss-protection 0 last-modified Mon, 15 Mar 2021 16:45:00 GMT server sffe vary Accept-Encoding report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-type text/javascript cache-control public, max-age=3600 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" expires Fri, 26 May 2023 08:17:07 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/10819272131/	3 KB 2 KB	180ms 73ms	Script text/javascript	2a00:1450:4001:827::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10819272131/?random=1685087333861&cv=11&fst=1685087333861&bg=ffffff&guid=ON&async=1&gtm=45He35o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&hn=www.googleadservices.com&frm=0&tiba=Advanced%20BEC%20Scam%20Campaign%20Targeting%20Executives%20on%20O365&auid=639663860.1685087334&uamb=0&uaw=0&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXTPLV Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash fd2b869254c6e1a89461807ac4a3cd23c4e8325f82c962464abd98c756299438 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Fri, 26 May 2023 07:48:53 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1354 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	bat.js Show response bat.bing.com/	40 KB 12 KB	156ms 51ms	Script application/javascript	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXTPLV Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Fri, 26 May 2023 07:48:53 GMT last-modified Thu, 11 May 2023 18:08:27 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: BCB1942B1405469DABAA330237A91158 Ref B: LTSEDGE0910 Ref C: 2023-05-26T07:48:53Z etag "80df77953384d91:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 12183
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/	1 KB 1 KB	203ms 86ms	Script application/x-javascript	104.64.124.188 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/munchkin.js Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.64.124.188 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-64-124-188.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Fri, 26 May 2023 07:48:54 GMT Content-Encoding gzip Last-Modified Fri, 17 Mar 2023 01:24:48 GMT Server AkamaiNetStorage ETag "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763" Vary Accept-Encoding Content-Type application/x-javascript P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Connection keep-alive Accept-Ranges bytes Content-Length 729
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	106 KB 28 KB	151ms 48ms	Script application/x-javascript	2a03:2880:f084:d:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 7fee08728b501812ba1c44658ad4ef459c107d78bd6e5b27c8ff80f110c34c04 Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Fri, 26 May 2023 07:48:53 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 27500 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug KCKo/w6nwy6X9vBrBCSlRHXs/l4lGiVijt34yj5PT++2XTp7Lr/FiELgk+F2wqg8Z61EnGGwW6arISlenhj++Q== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-trip-id 1679558926 cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	225 KB 79 KB	58ms 57ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-Z45H8KKERP&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLXTPLV Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 492b920e029aa6f2ec157b6bbd1d0e02043e3a12c2e1ba19b33b3bae58b74ebf Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 07:48:53 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 80739 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Fri, 26 May 2023 07:48:53 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	224 KB 77 KB	88ms 61ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-YPRQFQ1Z06&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-209447843-1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash f2568e0918d4efae02c7a984bd42265b7313093523ef236226de9379760f9bea Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 07:48:54 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 78920 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Fri, 26 May 2023 07:48:54 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	51 KB 21 KB	171ms 43ms	Script text/javascript	2a00:1450:4001:82f::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-209447843-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Fri, 26 May 2023 06:35:34 GMT last-modified Mon, 17 Apr 2023 22:36:01 GMT server Golfe2 age 4400 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20737 expires Fri, 26 May 2023 08:35:34 GMT
POST H2	204	collect region1.google-analytics.com/g/	0 254 B	122ms 37ms	Ping text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-Z45H8KKERP&gtm=45je35o0&_p=1299607207&cid=477645298.1685087334&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1685087334&sct=1&seg=0&dl=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&dt=Advanced%20BEC%20Scam%20Campaign%20Targeting%20Executives%20on%20O365&en=page_view&_fv=1&_nsi=1&_ss=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-Z45H8KKERP&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Fri, 26 May 2023 07:48:54 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.mitiga.io cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	call-tracking_7.js Show response www.gstatic.com/call-tracking/	54 KB 55 KB	48ms 47ms	Script text/javascript	2a00:1450:4001:80e::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/call-tracking/call-tracking_7.js Requested by Host: www.gstatic.com URL: https://www.gstatic.com/wcm/loader.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ff2fde453aa6220144126828a284d4cc227479f1fe83beef3a6b6a4504c7e4df Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Tue, 23 May 2023 18:41:29 GMT x-content-type-options nosniff age 220045 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-telephony cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 55675 x-xss-protection 0 last-modified Wed, 03 Feb 2021 22:45:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="ads-telephony" vary Accept-Encoding report-to {"group":"ads-telephony","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-telephony"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Wed, 22 May 2024 18:41:29 GMT
GET H2	200	token Show response cdn.linkedin.oribi.io/partner/3477394/domain/mitiga.io/	36 B 375 B	164ms 61ms	XHR application/json	2600:9000:20eb:c000:2:53b2:240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/partner/3477394/domain/mitiga.io/token Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20eb:c000:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89 Request headers Accept * Referer https://www.mitiga.io/ accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 03:45:29 GMT content-encoding gzip via 1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C1 age 14605 vary accept-encoding x-cache Hit from cloudfront content-type application/json access-control-allow-origin * cache-control public, max-age=24772 x-amz-cf-id 5k-V-ao6TAoUacPZt9DNWGcAO8IBtpUPgtvlxK0pIRRColmYKc8Skg==
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3477394&time=1685087334301&url=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365 https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3477394&time=1685087334301&url=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&cookiesTest=true https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3477394%26time%3D1685087334301%26url%3Dhttps%253A%252F%252Fwww.mitiga.io%252Fblog... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3477394&time=1685087334301&url=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&cookiesTest=true&liSyn... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3477394&time=1685087334301&url=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&cookiesTest=true&liSy...	0 268 B	172ms 114ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3477394&time=1685087334301&url=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&cookiesTest=true&liSync=true&e_ipv6=AQIrBYJfnPAO_gAAAYhXCDH5F1n2X_QHFbnTbvw92jOlJxD6pb8YiMGngaOuFzUVo50 Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 07:48:54 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: A7683D56B2DE4B798595E602ECB30D70 Ref B: MAN30EDGE0906 Ref C: 2023-05-26T07:48:55Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lva1 x-li-proto http/2 content-length 0 x-li-uuid AAX8k/gG6THM8iL5b2lPIQ== Redirect headers date Fri, 26 May 2023 07:48:54 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 85801D047699416EB2D1FF382C3AE696 Ref B: LON21EDGE0421 Ref C: 2023-05-26T07:48:54Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3477394&time=1685087334301&url=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&cookiesTest=true&liSync=true&e_ipv6=AQIrBYJfnPAO_gAAAYhXCDH5F1n2X_QHFbnTbvw92jOlJxD6pb8YiMGngaOuFzUVo50 x-li-proto http/2 content-length 0 x-li-uuid AAX8k/gDHJI0vvdlNWf8zQ==
GET H2	200	/ www.google.com/pagead/1p-user-list/10819272131/	42 B 456 B	187ms 59ms	Image image/gif	2a00:1450:4001:82b::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/10819272131/?random=1685087333861&cv=11&fst=1685084400000&bg=ffffff&guid=ON&async=1&gtm=45He35o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&frm=0&tiba=Advanced%20BEC%20Scam%20Campaign%20Targeting%20Executives%20on%20O365&fmt=3&is_vtc=1&random=2066708027&rmt_tld=0&ipr=y Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Fri, 26 May 2023 07:48:54 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.co.uk/pagead/1p-user-list/10819272131/	42 B 456 B	188ms 57ms	Image image/gif	2a00:1450:4001:800::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.co.uk/pagead/1p-user-list/10819272131/?random=1685087333861&cv=11&fst=1685084400000&bg=ffffff&guid=ON&async=1&gtm=45He35o0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&frm=0&tiba=Advanced%20BEC%20Scam%20Campaign%20Targeting%20Executives%20on%20O365&fmt=3&is_vtc=1&random=2066708027&rmt_tld=1&ipr=y Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Fri, 26 May 2023 07:48:54 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	munchkin.js Show response munchkin.marketo.net/163/	11 KB 5 KB	141ms 131ms	Script application/x-javascript	104.64.124.188 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://munchkin.marketo.net/163/munchkin.js Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/munchkin.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.64.124.188 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-64-124-188.deploy.static.akamaitechnologies.com Software AkamaiNetStorage / Resource Hash 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Fri, 26 May 2023 07:48:54 GMT Content-Encoding gzip Last-Modified Fri, 06 Jan 2023 02:26:40 GMT Server AkamaiNetStorage ETag "ea7826f34518d7c2295738f39c7640fa:1672972000.238769" Vary Accept-Encoding Content-Type application/x-javascript P3P policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR" Cache-Control max-age=8640000 Connection keep-alive Accept-Ranges bytes Content-Length 4741 Expires Sun, 03 Sep 2023 07:48:54 GMT
GET H2	204	148019335.js Show response bat.bing.com/p/action/	0 118 B	137ms 137ms	Script text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/148019335.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control private,max-age=1800 date Fri, 26 May 2023 07:48:54 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 568D3BE90E174FD6AB5C952B5AD7DC8C Ref B: LTSEDGE0910 Ref C: 2023-05-26T07:48:54Z x-cache CONFIG_NOCACHE
GET H2	200	271068801898989 Show response connect.facebook.net/signals/config/	376 KB 108 KB	204ms 202ms	Script application/x-javascript	2a03:2880:f084:d:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/271068801898989?v=2.9.104&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 04595699afae07b4705b177d4ac0ac65263d93bea7572fcba30bd6662f7e270b Security Headers Name Value Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers content-security-policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Fri, 26 May 2023 07:48:54 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug o/nCBzFw7x1urVosBt2t2s98izw+Rq4ZkQWjePIKbbk858qXdsxGpJ5Kyt2ux8p994rK3RAGJb+MtzRKrtshbw== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-trip-id 1679558926 cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), screen-wake-lock=(), serial=(), usb=() expires Sat, 01 Jan 2000 00:00:00 GMT
POST H2	204	collect region1.google-analytics.com/g/	0 55 B	65ms 64ms	Ping text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-YPRQFQ1Z06&gtm=45je35o0&_p=1299607207&cid=477645298.1685087334&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1685087334&sct=1&seg=0&dl=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&dt=Advanced%20BEC%20Scam%20Campaign%20Targeting%20Executives%20on%20O365&en=page_view&_fv=1&_ss=1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-YPRQFQ1Z06&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache date Fri, 26 May 2023 07:48:54 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.mitiga.io cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response www.google-analytics.com/j/	1 B 206 B	52ms 51ms	XHR text/plain	2a00:1450:4001:82f::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1299607207&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&ul=en-us&de=UTF-8&dt=Advanced%20BEC%20Scam%20Campaign%20Targeting%20Executives%20on%20O365&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=297828754&gjid=1575942672&cid=477645298.1685087334&tid=UA-209447843-1&_gid=1249519347.1685087335&_r=1&gtm=457e35o0&jsscut=1&z=717612281 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.mitiga.io/ accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Fri, 26 May 2023 07:48:54 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.mitiga.io cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	wcm Show response www.google.co.uk/pagead/attribution/ Redirect Chain https://www.googleadservices.com/pagead/conversion/10819272131/wcm?cc=ZZ&dn=18885984654&cl=ovefCNTp1pEDEMP7g6co&ct_eid=2 https://www.google.co.uk/pagead/attribution/wcm?cc=ZZ&dn=18885984654&cl=ovefCNTp1pEDEMP7g6co	80 B 245 B	54ms 53ms	XHR application/json	2a00:1450:4001:800::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.co.uk/pagead/attribution/wcm?cc=ZZ&dn=18885984654&cl=ovefCNTp1pEDEMP7g6co Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Server 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 07:48:54 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin null content-type application/json; charset=UTF-8 cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 87 x-xss-protection 0 Redirect headers date Fri, 26 May 2023 07:48:54 GMT x-content-type-options nosniff server cafe content-type text/html; charset=UTF-8 location https://www.google.co.uk/pagead/attribution/wcm?cc=ZZ&dn=18885984654&cl=ovefCNTp1pEDEMP7g6co access-control-allow-origin https://www.mitiga.io p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-credentials true cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0
POST H/1.1	200 OK	visitWebPage 422-djp-161.mktoresp.com/webevents/	2 B 318 B	1213ms 178ms	Ping text/plain	192.28.147.68 OMNITURE
General Check archive.org Show headers Download Go to Full URL https://422-djp-161.mktoresp.com/webevents/visitWebPage?_mchNc=1685087334562&_mchCn=&_mchId=422-DJP-161&_mchTk=_mch-www.mitiga.io-1685087334561-44804&_mchHo=www.mitiga.io&_mchPo=&_mchRu=%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp= Requested by Host: munchkin.marketo.net URL: https://munchkin.marketo.net/163/munchkin.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.28.147.68 , United States, ASN15224 (OMNITURE, US), Reverse DNS Software nginx/1.20.1 / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Fri, 26 May 2023 07:48:55 GMT Content-Encoding gzip Server nginx/1.20.1 Transfer-Encoding chunked Content-Type text/plain; charset=UTF-8 Access-Control-Allow-Origin * Connection keep-alive X-Request-Id f446bbbe-8258-4b62-b3dd-c7625190f8e1
GET H2	204	0 bat.bing.com/action/	0 286 B	55ms 54ms	Image text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=148019335&tm=gtm002&Ver=2&mid=0ee907c5-8edc-4b7c-a979-62b8af259c9b&sid=c370e050fb9911edbf2e875e21940a60&vid=c3710520fb9911eda8404131773e3511&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Advanced%20BEC%20Scam%20Campaign%20Targeting%20Executives%20on%20O365&p=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&r=&lt=1797&evt=pageLoad&sv=1&rn=326632 Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Fri, 26 May 2023 07:48:54 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 01D5BD477473421C925FBABD643F948A Ref B: LTSEDGE0910 Ref C: 2023-05-26T07:48:54Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	0 186 B	140ms 43ms	Image text/plain	2a03:2880:f176:84:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=271068801898989&ev=PageView&dl=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&rl=&if=false&ts=1685087334738&sw=1600&sh=1200&v=2.9.104&r=stable&ec=0&o=30&fbp=fb.1.1685087334736.103400053&cs_est=true&it=1685087334367&coo=false&rqm=GET Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 07:48:54 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H3	200	wcm Show response www.google.co.uk/pagead/attribution/ Redirect Chain https://www.googleadservices.com/pagead/conversion/10819272131/wcm?cc=ZZ&dn=442039741616&cl=NZlgCPbmzZEDEMP7g6co&ct_eid=2 https://www.google.co.uk/pagead/attribution/wcm?cc=ZZ&dn=442039741616&cl=NZlgCPbmzZEDEMP7g6co	80 B 111 B	50ms 50ms	XHR application/json	2a00:1450:4001:800::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.co.uk/pagead/attribution/wcm?cc=ZZ&dn=442039741616&cl=NZlgCPbmzZEDEMP7g6co Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H3 Server 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 07:48:54 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin null content-type application/json; charset=UTF-8 cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 87 x-xss-protection 0 Redirect headers date Fri, 26 May 2023 07:48:54 GMT x-content-type-options nosniff server cafe content-type text/html; charset=UTF-8 location https://www.google.co.uk/pagead/attribution/wcm?cc=ZZ&dn=442039741616&cl=NZlgCPbmzZEDEMP7g6co access-control-allow-origin https://www.mitiga.io p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-credentials true cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0
GET H3	200	wcm Show response www.google.co.uk/pagead/attribution/ Redirect Chain https://www.googleadservices.com/pagead/conversion/10819272131/wcm?cc=ZZ&dn=97239786654&cl=_l1eCOvzzZEDEMP7g6co&ct_eid=2 https://www.google.co.uk/pagead/attribution/wcm?cc=ZZ&dn=97239786654&cl=_l1eCOvzzZEDEMP7g6co	80 B 111 B	52ms 52ms	XHR application/json	2a00:1450:4001:800::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.co.uk/pagead/attribution/wcm?cc=ZZ&dn=97239786654&cl=_l1eCOvzzZEDEMP7g6co Requested by Host: www.mitiga.io URL: https://www.mitiga.io/blog/advanced-bec-scam-campaign-targeting-executives-on-o365 Protocol H3 Server 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Fri, 26 May 2023 07:48:54 GMT content-encoding gzip x-content-type-options nosniff server cafe p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-origin null content-type application/json; charset=UTF-8 cache-control private access-control-allow-credentials true cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 87 x-xss-protection 0 Redirect headers date Fri, 26 May 2023 07:48:54 GMT x-content-type-options nosniff server cafe content-type text/html; charset=UTF-8 location https://www.google.co.uk/pagead/attribution/wcm?cc=ZZ&dn=97239786654&cl=_l1eCOvzzZEDEMP7g6co access-control-allow-origin https://www.mitiga.io p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" access-control-allow-credentials true cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0
GET H2	200	/ www.facebook.com/tr/	0 55 B	45ms 44ms	Image text/plain	2a03:2880:f176:84:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=271068801898989&ev=Microdata&dl=https%3A%2F%2Fwww.mitiga.io%2Fblog%2Fadvanced-bec-scam-campaign-targeting-executives-on-o365&rl=&if=false&ts=1685087335242&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Advanced%20BEC%20Scam%20Campaign%20Targeting%20Executives%20on%20O365%22%2C%22meta%3Adescription%22%3A%22Mitiga%20spotted%20a%20sophisticated%2C%20advanced%20business%20email%20compromise%20(BEC)%20campaign%2C%20directly%20targeting%20relevant%20executives%20of%20organizations%20(mostly%20CEOs%20and%20CFOs)%20using%20Office%20365.%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Advanced%20BEC%20Scam%20Campaign%20Targeting%20Executives%20on%20O365%22%2C%22og%3Adescription%22%3A%22Mitiga%20spotted%20a%20sophisticated%2C%20advanced%20business%20email%20compromise%20(BEC)%20campaign%2C%20directly%20targeting%20relevant%20executives%20of%20organizations%20(mostly%20CEOs%20and%20CFOs)%20using%20Office%20365.%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fuploads-ssl.webflow.com%2F616f053802514a246ec54cfc%2F6304ebd4684aac2c12108469_mask_shutterstock_519663250.jpeg%22%2C%22twitter%3Atitle%22%3A%22Advanced%20BEC%20Scam%20Campaign%20Targeting%20Executives%20on%20O365%22%2C%22twitter%3Adescription%22%3A%22Mitiga%20spotted%20a%20sophisticated%2C%20advanced%20business%20email%20compromise%20(BEC)%20campaign%2C%20directly%20targeting%20relevant%20executives%20of%20organizations%20(mostly%20CEOs%20and%20CFOs)%20using%20Office%20365.%22%2C%22twitter%3Aimage%22%3A%22https%3A%2F%2Fuploads-ssl.webflow.com%2F616f053802514a246ec54cfc%2F6304ebd4684aac2c12108469_mask_shutterstock_519663250.jpeg%22%2C%22og%3Atype%22%3A%22website%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.104&r=stable&ec=1&o=30&fbp=fb.1.1685087334736.103400053&it=1685087334367&coo=false&es=automatic&tm=3&rqm=GET Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language en-GB,en;q=0.9 Referer https://www.mitiga.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Fri, 26 May 2023 07:48:55 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0