URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Submission: On February 25 via manual from US

Summary

This website contacted 15 IPs in 7 countries across 12 domains to perform 24 HTTP transactions. The main IP is 199.30.234.249, located in United States and belongs to ASN-CUST, US. The main domain is zix.com.
TLS certificate: Issued by AffirmTrust Extended Validation CA - EV1 on November 16th 2018. Valid for: 2 years.
This is the only time zix.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 199.30.234.249 13380 (ASN-CUST)
2 52.239.137.4 8075 (MICROSOFT...)
1 34.201.179.37 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 95.100.67.47 16625 (AKAMAI-AS)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
2 13.35.253.62 16509 (AMAZON-02)
1 147.75.100.69 54825 (PACKET)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 147.75.32.125 54825 (PACKET)
1 147.75.33.229 54825 (PACKET)
24 15
Domain Requested by
6 zix.com zix.com
3 use.typekit.net zix.com
2 www.google-analytics.com 1 redirects www.googletagmanager.com
2 js.driftt.com zix.com
js.driftt.com
2 optanon.blob.core.windows.net zix.com
optanon.blob.core.windows.net
1 vars.hotjar.com static.hotjar.com
1 script.hotjar.com static.hotjar.com
1 stats.g.doubleclick.net zix.com
1 geolocation.onetrust.com code.jquery.com
1 static.hotjar.com zix.com
1 code.jquery.com optanon.blob.core.windows.net
1 p.typekit.net zix.com
1 fonts.googleapis.com zix.com
1 www.googletagmanager.com zix.com
1 www.bugherd.com zix.com
24 15
Subject | Issuer | Validity | Valid
zix.com | AffirmTrust Extended Validation CA - EV1 | 2018-11-16 - 2020-11-16 | 2 years
*.blob.core.windows.net | Microsoft IT TLS CA 4 | 2020-01-17 - 2022-01-17 | 2 years
www.bugherd.com | Let's Encrypt Authority X3 | 2020-02-12 - 2020-05-12 | 3 months
*.google-analytics.com | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months
*.storage.googleapis.com | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months
*.typekit.net | DigiCert SHA2 Secure Server CA | 2019-12-06 - 2021-12-10 | 2 years
jquery.org | COMODO RSA Domain Validation Secure Server CA | 2018-10-17 - 2020-10-16 | 2 years
drift.com | Amazon | 2019-10-03 - 2020-11-03 | a year
static.hotjar.com | Let's Encrypt Authority X3 | 2020-02-03 - 2020-05-03 | 3 months
*.onetrust.com | DigiCert SHA2 Secure Server CA | 2018-03-12 - 2020-06-14 | 2 years
*.g.doubleclick.net | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months
script.hotjar.com | Let's Encrypt Authority X3 | 2020-02-03 - 2020-05-03 | 3 months
vars.hotjar.com | Let's Encrypt Authority X3 | 2020-02-03 - 2020-05-03 | 3 months

This page contains 3 frames:

Primary Page: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Frame ID: 6D69B42808B1FEB140FD4B99E283F8E4
Requests: 27 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: 253E71C1B72372F9C0E0263C1B8C39DF
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/deploy/assets/index.html
Frame ID: 2F6C1E21860BBB7C71A46F85912D5C8F
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • meta generator /^Drupal(?:\s([\d.]+))?/i
  • headers expires /19 Nov 1978/i

Overall confidence: 100%
Detected patterns
  • headers server /php\/?([\d.]+)?/i
  • meta generator /^Drupal(?:\s([\d.]+))?/i
  • headers expires /19 Nov 1978/i

Overall confidence: 100%
Detected patterns
  • headers server /CentOS/i

Overall confidence: 100%
Detected patterns
  • headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 24
HTTPS: 100 %
IPv6: 43 %
Domains: 12
Subdomains: 15
IPs: 15
Countries: 7
Transfer: 540 kB
Size: 1614 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1058109718&t=pageview&_s=1&dl=https%3A%2F%2Fzix.com%2FResources%2FBlog%2FFebruary-2019%2FFake-Board-Meeting-Reschedule-Emails&ul=en-us&de=UTF-8&dt=Phishers%20Using%20Fake%20Board%20Meeting%20%22Reschedule%22%20Emails%20to%20Prey%20Upon%20Executives%20%7C%20Zix&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=67375145&gjid=2088604046&cid=366181961.1582651404&tid=UA-91357340-1&_gid=568528605.1582651404&_r=1&gtm=2ou2c0&z=1420119996 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-91357340-1&cid=366181961.1582651404&jid=67375145&_gid=568528605.1582651404&gjid=2088604046&_v=j81&z=1420119996

24 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set Fake-Board-Meeting-Reschedule-Emails
zix.com/Resources/Blog/February-2019/
62 KB
65 KB
Document
General
Full URL
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.30.234.249 , United States, ASN13380 (ASN-CUST, US),
Reverse DNS
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.27 /
Resource Hash
5ffb7db4ba21857f98eeed6d7d85f37072ee1afa7be2c0d590578c23e298d40a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
zix.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Tue, 25 Feb 2020 17:23:21 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.27
Strict-Transport-Security
max-age=31536000; includeSubdomains;
X-Content-Type-Options
nosniff nosniff
Cache-Control
must-revalidate, no-cache, private
X-Drupal-Dynamic-Cache
UNCACHEABLE
Link
<https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails>; rel="canonical" <https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails>; rel="alternate"; hreflang="en" <https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails>; rel="revision"
X-UA-Compatible
IE=edge
Content-language
en
X-Frame-Options
SAMEORIGIN
X-Drupal-Cache-Tags
block_content:1 block_content:701 block_content:784 block_view config:block.block.actionsmenu_2 config:block.block.zix_content config:block.block.zix_help config:block.block.zix_local_actions config:block.block.zix_local_tasks config:block.block.zix_messages config:block.block.zixfootercopyright config:block.block.zixfootermenu config:block.block.zixlegalmenu config:block.block.zixmainmenu config:block.block.zixsearch config:block.block.zixsocialmenu config:block_list config:core.entity_view_display.node.blog_post.full config:filter.format.basic_html config:filter.format.full_html config:image.style.resource_detail_image config:system.menu.actions-menu config:system.menu.zix-footer-menu config:system.menu.zix-legal-menu config:system.menu.zix-main-menu config:system.menu.zix-social-menu config:system.site config:user.role.anonymous config:views.view.resource_detail config:views.view.resources file:5579 http_response local_task node:1705 node:1724 node:1878 node:1926 node:1964 node:1966 node:4399 node:4402 node:4407 node:4408 node:4409 node:4410 node:4411 node:4413 node:4414 node:4415 node:4416 node:4419 node:4420 node:4421 node:4422 node:4423 node:4425 node:4427 node:4428 node:4431 node:4432 node:4433 node:4435 node:4436 node:4437 node:4439 node:4443 node:4444 node:4445 node:4467 node:4473 node_list node_view rendered url.site user:1
X-Drupal-Cache-Contexts
cookies:big_pipe_nojs languages:language_content languages:language_interface layout_builder_is_active:node layout_builder_is_active:taxonomy_term route session.exists theme timezone url user.node_grants:view user.permissions user.roles:anonymous user.roles:authenticated
Expires
Sun, 19 Nov 1978 05:00:00 GMT
Vary
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Set-Cookie
BIGipServer~Corporate~www.zix.com=!M89XfVcUGg/V1t06BbBGkx3HYpi91DuQ5GeFJbxx5gaVsQvsEVAG7r8gb6QkrfCCSgavF2LrUu69zKM=; path=/; Httponly; Secure
css_pN_aNY_1eLt0WlUbmimNvK8eF4lkcIrV3SSIjBt5NlA.css
zix.com/sites/default/files/css/
9 KB
3 KB
Stylesheet
General
Full URL
https://zix.com/sites/default/files/css/css_pN_aNY_1eLt0WlUbmimNvK8eF4lkcIrV3SSIjBt5NlA.css
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.30.234.249 , United States, ASN13380 (ASN-CUST, US),
Reverse DNS
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.27 /
Resource Hash
a4dfda358ff578bb745a551b9a298dbcaf1e178964708ad5dd24888c1b793650
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Tue, 25 Feb 2020 17:23:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
2688
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 15 Jan 2020 18:36:26 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.27
ETag
"23c7-59c31fc70cb58-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
text/css
Cache-Control
max-age=1209600
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Expires
Tue, 10 Mar 2020 17:23:23 GMT
css_6NMmllpRdeMAFzLR-171ol0Xys54sxJWF9w4yXJqXD0.css
zix.com/sites/default/files/css/
334 KB
53 KB
Stylesheet
General
Full URL
https://zix.com/sites/default/files/css/css_6NMmllpRdeMAFzLR-171ol0Xys54sxJWF9w4yXJqXD0.css
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.30.234.249 , United States, ASN13380 (ASN-CUST, US),
Reverse DNS
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.27 /
Resource Hash
e8d326965a5175e3001732d1fb5ef5a25d17cace78b3125617dc38c9726a5c3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Tue, 25 Feb 2020 17:23:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
54085
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 13 Feb 2020 20:42:05 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.27
ETag
"53787-59e7b1f34c64f-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
text/css
Cache-Control
max-age=1209600
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
Tue, 10 Mar 2020 17:23:23 GMT
76bc53c7-a311-46a6-9fe5-64377e34f161.js
optanon.blob.core.windows.net/consent/
47 KB
13 KB
Script
General
Full URL
https://optanon.blob.core.windows.net/consent/76bc53c7-a311-46a6-9fe5-64377e34f161.js
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.137.4 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
bb1c01944e45fcba393d1a7b7ed8269bdebbcc2a2d9fa4c8ac3dfba1b434b310

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Tue, 25 Feb 2020 17:23:22 GMT
Content-Encoding
GZIP
Last-Modified
Fri, 03 Jan 2020 17:00:41 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
sloCUAgpRRT6YU699CyX6A==
ETag
0x8D7906E76D368EB
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
x-ms-request-id
49f38714-e01e-0057-4700-ec316b000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=14400
x-ms-version
2009-09-19
Content-Length
12992
sidebarv2.js
www.bugherd.com/
43 B
572 B
Script
General
Full URL
https://www.bugherd.com/sidebarv2.js?apikey=xmelnlgyr96uwfcdwov8tg
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.201.179.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-201-179-37.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
6faed0e4b708dd466ed2caf20a877b4b99ce8f938d31caa3af6f70772ba641ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

X-Runtime
0.011628
Date
Tue, 25 Feb 2020 17:23:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
Cowboy
Etag
W/"0267ac54c211df79ceb85b39bf6c0eb2"
X-Frame-Options
SAMEORIGIN
P3p
CP="NOI ADM DEV COM NAV OUR STP"
Via
1.1 vegur
Cache-Control
max-age=0, private, must-revalidate
Connection
close
Content-Type
text/javascript; charset=utf-8
Vary
Accept-Encoding
X-Xss-Protection
1; mode=block
X-Request-Id
a5c22f56-60d6-4a9c-892b-96a1f9a609d4
js
www.googletagmanager.com/gtag/
74 KB
28 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-91357340-1
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fbd9c9cc0c72d2921e1d9290f5201de1404253d07bf362738d03bc607c1670c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 25 Feb 2020 17:23:22 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
28491
x-xss-protection
0
last-modified
Tue, 25 Feb 2020 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 25 Feb 2020 17:23:22 GMT
zix_logo.png
zix.com/themes/custom/zixappriver/img/
7 KB
7 KB
Image
General
Full URL
https://zix.com/themes/custom/zixappriver/img/zix_logo.png
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.30.234.249 , United States, ASN13380 (ASN-CUST, US),
Reverse DNS
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.27 /
Resource Hash
4716126ef325ef68d8bb8801216166799c91292eef8beee02067afd9a8169b54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Tue, 25 Feb 2020 17:23:23 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 15 Jan 2020 05:10:23 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.27
ETag
"1ad3-59c26b9d24b9c"
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
image/png
Cache-Control
max-age=1209600
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
6867
X-XSS-Protection
1; mode=block
Expires
Tue, 10 Mar 2020 17:23:23 GMT
Business-Meeting-Reschedule.jpg
zix.com/sites/default/files/styles/resource_detail_image/public/
53 KB
53 KB
Image
General
Full URL
https://zix.com/sites/default/files/styles/resource_detail_image/public/Business-Meeting-Reschedule.jpg?itok=M1GIDdab
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.30.234.249 , United States, ASN13380 (ASN-CUST, US),
Reverse DNS
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.27 /
Resource Hash
5b98faa2b877cc7140b6dada109d63c0aa85b4426c310b3ef602fb520a685f32
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Tue, 25 Feb 2020 17:23:23 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Feb 2020 20:56:36 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.27
ETag
"d28e-59e53176c4d87"
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
image/jpeg
Cache-Control
max-age=1209600
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
53902
X-XSS-Protection
1; mode=block
Expires
Tue, 10 Mar 2020 17:23:23 GMT
js_qK8zQiTFssEdZC5T3Iala9k9g-lAZPBg4gCL9rru-1w.js
zix.com/sites/default/files/js/
232 KB
59 KB
Script
General
Full URL
https://zix.com/sites/default/files/js/js_qK8zQiTFssEdZC5T3Iala9k9g-lAZPBg4gCL9rru-1w.js
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.30.234.249 , United States, ASN13380 (ASN-CUST, US),
Reverse DNS
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.27 /
Resource Hash
a8af334224c5b2c11d642e53dc86a56bd93d83e94064f060e2008bf6baeefb5c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Tue, 25 Feb 2020 17:23:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 13 Feb 2020 20:31:07 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.27
ETag
"39e36-59e7af802b604-gzip"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubdomains;
Content-Type
application/javascript
Cache-Control
max-age=1209600
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
Tue, 10 Mar 2020 17:23:23 GMT
css
fonts.googleapis.com/
4 KB
650 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:300,400,400i,700,900&display=swap
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7f4e0995d26305f533c4b3c1c083b2df3fb5e7bcf56942b7e1d8fcd0a93170f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 25 Feb 2020 17:23:23 GMT
server
ESF
date
Tue, 25 Feb 2020 17:23:23 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 25 Feb 2020 17:23:23 GMT
hei5fry.css
use.typekit.net/
13 KB
2 KB
Stylesheet
General
Full URL
https://use.typekit.net/hei5fry.css
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-67-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
52f0e109398bbca80c2bd857de83176e41157962a6c04625c93c39e86d9aa39c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
server
nginx
access-control-allow-origin
*
date
Tue, 25 Feb 2020 17:23:23 GMT
vary
Accept-Encoding
content-type
text/css;charset=utf-8
status
200
cache-control
private, max-age=600, stale-while-revalidate=604800
timing-allow-origin
*
content-length
1336
p.css
p.typekit.net/
5 B
168 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=hei5fry&ht=tk&f=2001.2002.2042.6862.6863.6868.17007.17008.17009.17011.17013.17016.25390.25391.25396.25399.31744.31745&a=33649479&app=typekit&e=css
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-67-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 25 Feb 2020 17:23:23 GMT
last-modified
Thu, 07 Feb 2019 19:28:12 GMT
server
nginx
access-control-allow-origin
*
etag
"5c5c86cc-5"
content-type
text/css
status
200
cache-control
max-age=604800
accept-ranges
bytes
content-length
5
expires
Thu, 12 Sep 2019 08:25:52 GMT
optanon.css
optanon.blob.core.windows.net/skins/5.9.0/default_flat_bottom_two_button_white/v2/css/
23 KB
6 KB
Stylesheet
General
Full URL
https://optanon.blob.core.windows.net/skins/5.9.0/default_flat_bottom_two_button_white/v2/css/optanon.css
Requested by
Host: optanon.blob.core.windows.net
URL: https://optanon.blob.core.windows.net/consent/76bc53c7-a311-46a6-9fe5-64377e34f161.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.239.137.4 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
8c20518cd7e51066b82e8a8a1e8035210741cf808c02268915747960f531061c

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Tue, 25 Feb 2020 17:23:23 GMT
Content-Encoding
gzip
Last-Modified
Tue, 17 Dec 2019 20:41:23 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
61wqGaw/P7AsPsxidppxpw==
ETag
0x8D783317AC1DF03
Content-Type
text/css
Access-Control-Allow-Origin
*
x-ms-request-id
49f388fb-e01e-0057-7600-ec316b000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
Content-Length
5561
jquery-3.3.1.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.3.1.min.js
Requested by
Host: optanon.blob.core.windows.net
URL: https://optanon.blob.core.windows.net/consent/76bc53c7-a311-46a6-9fe5-64377e34f161.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Origin
https://zix.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 25 Feb 2020 17:23:23 GMT
Content-Encoding
gzip
Last-Modified
Sat, 20 Jan 2018 17:26:44 GMT
Server
nginx
ETag
W/"5a637bd4-1538f"
Vary
Accept-Encoding
X-HW
1582651403.dop006.fr8.shc,1582651403.dop006.fr8.t,1582651403.cds057.fr8.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
30288
65e63pi6mu5c.js
js.driftt.com/include/1582651500000/
136 KB
45 KB
Script
General
Full URL
https://js.driftt.com/include/1582651500000/65e63pi6mu5c.js
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.62 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-62.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
eb1bd595c36a9da5b069834dfccb512a186a280e1a9e4c14bb074d41fcf03707
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 25 Feb 2020 17:23:23 GMT
content-encoding
gzip
age
1
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 89c822bb1ce1445a7be6d1057088cfbf.cloudfront.net (CloudFront)
last-modified
Mon, 24 Feb 2020 19:42:01 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=10
access-control-allow-credentials
true
x-amz-cf-pop
FRA6-C1
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
8JsCZQuA6EymzQX7n0rr0v_86AOA63dwW8ACVN4ULm1IQCtwnL099w==
hotjar-1683830.js
static.hotjar.com/c/
5 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-1683830.js?sv=6
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.100.69 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS
pkt-ams-k2-shared-ingress16
Software
/
Resource Hash
49ce8c94d63dfb2bf830194b84d9fb5bd38c7ca61d5e599ffeff4eb491333352
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 25 Feb 2020 17:23:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript
section-io-tag
hotjar
age
0
status
200
access-control-max-age
600
section-io-cache
Hit
content-length
1968
x-cache-hit
1
x-frame-options
SAMEORIGIN
etag
W/cf315ffc68f287f7bf4b6abf70d1630b
vary
Accept-Encoding
section-io-origin-status
200
access-control-allow-origin
*
cache-control
max-age=60
section-io-origin-time-seconds
0.022
accept-ranges
bytes
section-io-id
402b9e3d5a6ea8393349e4b470f0c621
section-origin-responded
true
truncated
/
468 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
330f669838be77a98c44d2f6549f8535ce664ae1593dbdb36d42f3f36e98c9d5

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
863 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d26516bbdbb417efc0b2f9d1af071b402e6057353e8a8ac6b972298a6d1dc545

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
763 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ccf3c4413cd84668a268612e463fdfd1ce9231a319a8c64d9b6240c8e3b2966c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
391 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4d6fdcd6ed1721051a313f7f260de5850bdb3eef85858c3d11e46e047fdd8695

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
l
use.typekit.net/af/9f2f2a/00000000000000003b9acf30/27/
41 KB
41 KB
Font
General
Full URL
https://use.typekit.net/af/9f2f2a/00000000000000003b9acf30/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-67-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
0e61bbf1fcf3573627de44aa6799cce3ed481ae1962ad7d98f9a996db96f8c8f

Request headers

Referer
https://use.typekit.net/hei5fry.css
Origin
https://zix.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 25 Feb 2020 17:23:24 GMT
server
nginx
access-control-allow-origin
*
etag
"cead359c4b45407be04b075734084dfc296015c0"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
42004
l
use.typekit.net/af/03e1a3/00000000000000003b9acf2d/27/
41 KB
41 KB
Font
General
Full URL
https://use.typekit.net/af/03e1a3/00000000000000003b9acf2d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.67.47 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-67-47.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
3388130914aa9782e9d5a20234f4dcd5055bd86a9a9ed579ab84a597107c3593

Request headers

Referer
https://use.typekit.net/hei5fry.css
Origin
https://zix.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 25 Feb 2020 17:23:24 GMT
server
nginx
access-control-allow-origin
*
etag
"c85df0a9a8d5ceea0379089b42901c24f9cf3cd3"
content-type
application/font-woff2
status
200
cache-control
public, max-age=31536000
timing-allow-origin
*
content-length
42016
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-91357340-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
5473
date
Tue, 25 Feb 2020 15:52:11 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
18174
expires
Tue, 25 Feb 2020 17:52:11 GMT
EU
geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/
32 B
369 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/EU?callback=jQuery33105419407504290898_1582651404020&_=1582651404021
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0817a0d6a87f2d42532035e42b20ea55cfaa5ca1092c761f5fc5e734790bdbf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 25 Feb 2020 17:23:24 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
56ab5deb3c2e1762-FRA
content-length
32
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1058109718&t=pageview&_s=1&dl=https%3A%2F%2Fzix.com%2FResources%2FBlog%2FFebruary-2019%2FFake-Board-Meeting-Reschedule-Emails&ul=en-us&de=UTF...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-91357340-1&cid=366181961.1582651404&jid=67375145&_gid=568528605.1582651404&gjid=2088604046&_v=j81&z=1420119996
35 B
102 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-91357340-1&cid=366181961.1582651404&jid=67375145&_gid=568528605.1582651404&gjid=2088604046&_v=j81&z=1420119996
Requested by
Host: zix.com
URL: https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
date
Tue, 25 Feb 2020 17:23:24 GMT
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 25 Feb 2020 17:23:24 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-91357340-1&cid=366181961.1582651404&jid=67375145&_gid=568528605.1582651404&gjid=2088604046&_v=j81&z=1420119996
content-type
text/html; charset=UTF-8
status
302
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
416
expires
Fri, 01 Jan 1990 00:00:00 GMT
modules.ec4d468062bd562b1a1c.js
script.hotjar.com/
401 KB
70 KB
Script
General
Full URL
https://script.hotjar.com/modules.ec4d468062bd562b1a1c.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1683830.js?sv=6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.32.125 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
pkt-ams-k2-shared-ingress14
Software
/
Resource Hash
edbe5b0efd18f8a8b39e294b847a72289fd77b2e370cb8f6edc9e1a34f2c2330

Request headers

Referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 25 Feb 2020 17:23:24 GMT
content-encoding
br
content-type
application/javascript
age
84655
status
200
section-io-cache
Hit
content-length
71364
last-modified
Mon, 24 Feb 2020 17:49:08 GMT
etag
"d9d8a7b9719ef764bf9b4d8f74da5ef5"
vary
Accept-Encoding
section-io-origin-status
200
access-control-allow-origin
*
cache-control
max-age=31536000
section-io-origin-time-seconds
0.091
accept-ranges
bytes
section-io-id
a87d60d7d92c9ae2674bea0e27913bd6
section-origin-responded
true
box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame 253E
0
0
Document
General
Full URL
https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1683830.js?sv=6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.33.229 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
pkt-ams-k2-shared-ingress11
Software
/
Resource Hash

Request headers

:method
GET
:authority
vars.hotjar.com
:scheme
https
:path
/box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
date
Tue, 25 Feb 2020 17:23:24 GMT
content-type
text/html
content-length
851
last-modified
Wed, 29 Jan 2020 12:33:12 GMT
etag
"d594f1d4c3e5dbd6b556c60d34e0daea"
cache-control
max-age=31536000
content-encoding
br
section-io-origin-status
200
section-io-origin-time-seconds
0.031
section-origin-responded
true
age
2350025
vary
Accept-Encoding
section-io-cache
Hit
accept-ranges
bytes
section-io-id
8ca96f917c97e3fa2f7b853f745d3768
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
12ae01d498fd998263b555e99880c6838ef6acca33fcd2e1cb12367a99e928f4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
index.html
js.driftt.com/deploy/assets/ Frame 2F6C
0
0
Document
General
Full URL
https://js.driftt.com/deploy/assets/index.html
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1582651500000/65e63pi6mu5c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.62 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-62.fra6.r.cloudfront.net
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
js.driftt.com
:scheme
https
:path
/deploy/assets/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://zix.com/Resources/Blog/February-2019/Fake-Board-Meeting-Reschedule-Emails
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
content-type
text/html; charset=utf-8
content-length
894
server
nginx
last-modified
Mon, 24 Feb 2020 19:42:01 GMT
x-amz-server-side-encryption
AES256
accept-ranges
bytes
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 25 Feb 2020 17:23:15 GMT
etag
"e8f7068735db78c98b6b3f7204442c40"
cache-control
max-age=10
x-cache
Hit from cloudfront
via
1.1 89c822bb1ce1445a7be6d1057088cfbf.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
rQla0-2MOICFW-XHIpnL9z7gyp2xTgrpLeFAeT9yBqfZuJ98akS9Cg==
age
9

38 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata
object| onpointerrawupdate
undefined| a
undefined| c
function| jsonFeed
object| OneTrust
object| Optanon
string| OnetrustActiveGroups
string| OptanonActiveGroups
object| dataLayer
function| OptanonWrapper
function| o
function| drift
function| driftt
function| gtag
function| hj
object| _hjSettings
object| google_tag_manager
function| positionMainNav
undefined| $
function| jQuery
object| drupalSettings
object| Drupal
object| bootstrap
string| GoogleAnalyticsObject
function| ga
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData
object| hjSiteSettings
function| hjBootstrap
object| hjBootstrapCalled
object| __core-js_shared__
object| platform
boolean| __DRIFTT_WIDGET_INCLUDED__
string| __DRIFT_INSTANCE_ID__
boolean| __DRIFTT_SHOW_WIDGET_ON_BOOT__

2 Cookies

Domain/Path Name / Value
.zix.com/ Name: _hjid
Value: b46565c0-7ebc-4006-9bc1-71c47d823aa9
zix.com/ Name: driftt_aid
Value: bc412063-3141-46da-abcd-0274d4a697a4

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
