ironscales.com Open in urlscan Pro
54.201.65.7 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://msg.ironscales.com/q2DH000BF40l5P04B0Qh00r
Effective URL:
https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_cam...
Submission: On August 31 via manual (August 31st 2020, 1:33:23 pm UTC) from US

Summary HTTP 123 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 35 IPs in 8 countries across 27 domains to perform 123 HTTP transactions. The main IP is 54.201.65.7, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is ironscales.com.
TLS certificate: Issued by Amazon on August 20th 2020. Valid for: a year.

This is the only time ironscales.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	52.88.88.165 52.88.88.165	16509 (AMAZON-02) (AMAZON-02)
73	54.201.65.7 54.201.65.7	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:200... 2a04:4e42:200::621	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:80b::2004	15169 (GOOGLE) (GOOGLE)
1	143.204.208.197 143.204.208.197	16509 (AMAZON-02) (AMAZON-02)
5	104.16.96.80 104.16.96.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.17.72.206 104.17.72.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81f::2008	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
1	172.217.23.162 172.217.23.162	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:10c... 2a02:26f0:10c:382::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
3	147.75.102.203 147.75.102.203	54825 (PACKET) (PACKET)
2	104.109.95.62 104.109.95.62	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	35.201.112.186 35.201.112.186	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:821::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:81b::2002	15169 (GOOGLE) (GOOGLE)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	35.186.194.58 35.186.194.58	15169 (GOOGLE) (GOOGLE)
1	134.213.193.62 134.213.193.62	15395 (RACKSPACE...) (RACKSPACE-LON)
2	18.214.205.154 18.214.205.154	14618 (AMAZON-AES) (AMAZON-AES)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1 5	104.108.144.126 104.108.144.126	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	54.171.23.184 54.171.23.184	16509 (AMAZON-02) (AMAZON-02)
1	34.246.206.139 34.246.206.139	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:214... 2600:9000:214f:1e00:c:90ee:6000:21	16509 (AMAZON-02) (AMAZON-02)
1	52.212.239.19 52.212.239.19	16509 (AMAZON-02) (AMAZON-02)
1	107.23.162.152 107.23.162.152	14618 (AMAZON-AES) (AMAZON-AES)
1	147.75.33.131 147.75.33.131	54825 (PACKET) (PACKET)
2	143.204.201.78 143.204.201.78	16509 (AMAZON-02) (AMAZON-02)
123	35

1 52.88.88.165 (Boardman, United States)

ASN16509 (AMAZON-02, US)

msg.ironscales.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

73 54.201.65.7 (Boardman, United States)

ASN16509 (AMAZON-02, US)

ironscales.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::621 (Ascension Island)

ASN54113 (FASTLY, US)

polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.208.197 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-208-197.fra53.r.cloudfront.net

d26x5ounzdjojj.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.96.80 (United States)

ASN13335 (CLOUDFLARENET, US)

app-lon09.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.17.72.206 (United States)

ASN13335 (CLOUDFLARENET, US)

get.ironscales.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s22-in-f162.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:382::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 147.75.102.203 (Central, Hong Kong)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress15

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.109.95.62 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a104-109-95-62.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.112.186 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 186.112.201.35.bc.googleusercontent.com

edge.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.194.58 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com

rs.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 134.213.193.62 (United Kingdom)

ASN15395 (RACKSPACE-LON, GB)

954-hbd-655.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.214.205.154 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

web-analytics.engagio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.108.144.126 (United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-144-126.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.171.23.184 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.246.206.139 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:1e00:c:90ee:6000:21 (United States)

ASN16509 (AMAZON-02, US)

dn1f1hmdujj40.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.212.239.19 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

ws1.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.23.162.152 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

nextroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.33.131 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress9

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.201.78 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-78.fra53.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
78	ironscales.com msg.ironscales.com ironscales.com get.ironscales.com	4 MB
6	adroll.com 1 redirects s.adroll.com d.adroll.com	68 KB
5	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com ws1.hotjar.com	73 KB
5	marketo.com app-lon09.marketo.com	73 KB
4	google.com 1 redirects www.google.com	1 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
2	driftt.com js.driftt.com	45 KB
2	engagio.com web-analytics.engagio.com	1 KB
2	google.de www.google.de	213 B
2	doubleclick.net 1 redirects stats.g.doubleclick.net googleads.g.doubleclick.net	2 KB
2	fullstory.com edge.fullstory.com rs.fullstory.com	60 KB
2	marketo.net munchkin.marketo.net	7 KB
2	google-analytics.com 1 redirects www.google-analytics.com	19 KB
2	cloudfront.net d26x5ounzdjojj.cloudfront.net dn1f1hmdujj40.cloudfront.net	10 KB
1	hotjar.io vc.hotjar.io	115 B
1	nextroll.com nextroll.com	2 KB
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	135 B
1	twitter.com analytics.twitter.com	651 B
1	mktoresp.com 954-hbd-655.mktoresp.com	475 B
1	t.co t.co	448 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	licdn.com snap.licdn.com	2 KB
1	googleadservices.com www.googleadservices.com	12 KB
1	googletagmanager.com www.googletagmanager.com	49 KB
1	gstatic.com www.gstatic.com	132 KB
1	polyfill.io polyfill.io	723 B
1	googleapis.com fonts.googleapis.com	1016 B
123	27

	Domain	Requested by
73	ironscales.com	msg.ironscales.com ironscales.com get.ironscales.com
5	s.adroll.com	1 redirects www.googletagmanager.com ironscales.com s.adroll.com
5	app-lon09.marketo.com	ironscales.com app-lon09.marketo.com
4	get.ironscales.com	ironscales.com get.ironscales.com
4	www.google.com	1 redirects ironscales.com www.gstatic.com
2	js.driftt.com	ironscales.com js.driftt.com
2	web-analytics.engagio.com	ironscales.com dn1f1hmdujj40.cloudfront.net
2	px.ads.linkedin.com	1 redirects ironscales.com
2	www.google.de	ironscales.com
2	munchkin.marketo.net	msg.ironscales.com munchkin.marketo.net
2	www.google-analytics.com	1 redirects www.googletagmanager.com
1	vc.hotjar.io	script.hotjar.com
1	nextroll.com	ironscales.com
1	ws1.hotjar.com	script.hotjar.com
1	dn1f1hmdujj40.cloudfront.net	web-analytics.engagio.com
1	in.hotjar.com	script.hotjar.com
1	d.adroll.com	ironscales.com
1	d.adroll.mgr.consensu.org	1 redirects
1	vars.hotjar.com	static.hotjar.com
1	analytics.twitter.com	static.ads-twitter.com
1	954-hbd-655.mktoresp.com	munchkin.marketo.net
1	rs.fullstory.com	edge.fullstory.com
1	t.co	ironscales.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	script.hotjar.com	static.hotjar.com
1	www.linkedin.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	edge.fullstory.com	msg.ironscales.com
1	static.hotjar.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	www.googletagmanager.com	ironscales.com
1	www.gstatic.com	www.google.com
1	d26x5ounzdjojj.cloudfront.net	ironscales.com
1	polyfill.io	ironscales.com
1	fonts.googleapis.com	ironscales.com
1	msg.ironscales.com
123	38

This site contains links to these domains. Also see Links.

Domain
ironscales.channeltivity.com
www.linkedin.com
www.facebook.com
twitter.com
www.youtube.com
members.ironscales.com
facebook.com
searchsecurity.techtarget.com
solutionsreview.com
www.thesslstore.com
www.scholarpedia.org
apps.apple.com
play.google.com
www.scmagazine.com

Subject Issuer	Validity	Valid
ironscales.com Amazon	`2020-08-20` - `2021-09-19`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-08-17` - `2021-04-17`	8 months	crt.sh
www.google.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
app-lon09.marketo.com Cloudflare Inc ECC CA-3	`2020-07-01` - `2021-07-01`	a year	crt.sh
get.ironscales.com Cloudflare Inc ECC CA-3	`2020-07-15` - `2021-07-15`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
static.hotjar.com Let's Encrypt Authority X3	`2020-08-16` - `2020-11-14`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2020-03-14` - `2021-04-13`	a year	crt.sh
edge.fullstory.com GTS CA 1D2	`2020-08-29` - `2020-11-27`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
script.hotjar.com Let's Encrypt Authority X3	`2020-08-17` - `2020-11-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-02-18` - `2021-02-06`	a year	crt.sh
*.fullstory.com Let's Encrypt Authority X3	`2020-08-01` - `2020-10-30`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-08-11` - `2020-11-03`	3 months	crt.sh
*.mktoresp.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2022-01-21`	2 years	crt.sh
*.engagio.com Sectigo RSA Organization Validation Secure Server CA	`2020-06-16` - `2021-06-16`	a year	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
vars.hotjar.com Let's Encrypt Authority X3	`2020-08-15` - `2020-11-13`	3 months	crt.sh
adroll.mgr.consensu.org Amazon	`2019-11-06` - `2020-12-06`	a year	crt.sh
*.hotjar.com Amazon	`2020-08-29` - `2021-09-28`	a year	crt.sh
nextroll.com Let's Encrypt Authority X3	`2020-07-04` - `2020-10-02`	3 months	crt.sh
vc.hotjar.io Let's Encrypt Authority X3	`2020-07-14` - `2020-10-12`	3 months	crt.sh
drift.com Amazon	`2019-10-03` - `2020-11-03`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
Frame ID: DD20403A7AB918615C92368E63B1D728
Requests: 119 HTTP requests in this frame

Frame: https://get.ironscales.com/dtp-104.html?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
Frame ID: E2E45ECDD4A60DC78E31E5245CD70791
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdV36AUAAAAAEIJ4sLJOqpAo1gGvK0Egs5JMMXh&co=aHR0cHM6Ly9pcm9uc2NhbGVzLmNvbTo0NDM.&hl=en&v=QVh-Tz10ahidjrORgXOS1oB0&size=invisible&cb=qq1wfyclggw
Frame ID: F865902D98C74ECFACA61EAB1EB9AF62
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: 7B262FB772AA9F42C413759244E980AC
Requests: 1 HTTP requests in this frame

Frame: https://app-lon09.marketo.com/index.php/form/XDFrame
Frame ID: 75565D7A7B9EF1C9C26020BB7B856E88
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/deploy/assets/index.html
Frame ID: 585A38F7BF67F0C27C3420AEEBC8B139
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://msg.ironscales.com/q2DH000BF40l5P04B0Qh00r Page URL
https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=e... Page URL

Detected technologies

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

123
Requests

99 %
HTTPS

39 %
IPv6

27
Domains

38
Subdomains

35
IPs

8
Countries

4159 kB
Transfer

6168 kB
Size

3
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://ironscales.channeltivity.com/Login
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/ironscales/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ironscalesltd/

Search URL Search Domain Scan URL

URL: https://twitter.com/IRONSCALES

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCz14RKHtm4sKmfz8-Nw6A1A

Search URL Search Domain Scan URL

URL: https://members.ironscales.com/signin/
Title: SIGN IN

Search URL Search Domain Scan URL

URL: https://facebook.com/sharer/sharer.php?u=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_campaign%3Dtechtarget_nurture%26utm_medium%3Demail_04_body2%26mkt_tok%3DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_campaign%3Dtechtarget_nurture%26utm_medium%3Demail_04_body2%26mkt_tok%3DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9&text=As%20a%20result%20of%20inattentional%20blindness%2C%20internet%20users%20are%20falling%20prey%20to%20phishing%20websites%20that%20use%20visual%20similarity%20clues%20to%20lure%20victims.

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_campaign%3Dtechtarget_nurture%26utm_medium%3Demail_04_body2%26mkt_tok%3DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9

Search URL Search Domain Scan URL

URL: https://searchsecurity.techtarget.com/definition/credential-theft
Title: credential theft

Search URL Search Domain Scan URL

URL: https://solutionsreview.com/endpoint-security/enterprises-face-a-400-percent-increase-in-phishing-urls/
Title: a 400% increase in new phishing websites

Search URL Search Domain Scan URL

URL: https://www.thesslstore.com/blog/1-4-million-new-phishing-websites-created-every-month/
Title: phishing websites only stay active for 4-8 hours

Search URL Search Domain Scan URL

URL: http://www.scholarpedia.org/article/Inattentional_blindness
Title: inattentional blindness.

Search URL Search Domain Scan URL

URL: https://apps.apple.com/us/app/ironscales/id1460727630

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.efim.ironscales&hl=en

Search URL Search Domain Scan URL

URL: https://www.scmagazine.com/review/ironscales-ironscales/
Title:

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://msg.ironscales.com/q2DH000BF40l5P04B0Qh00r Page URL
https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 89

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=133917740&t=pageview&_s=1&dl=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_campaign%3Dtechtarget_nurture%26utm_medium%3Demail_04_body2%26mkt_tok%3DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9&dr=http%3A%2F%2Fmsg.ironscales.com%2Fq2DH000BF40l5P04B0Qh00r&ul=en-us&de=UTF-8&dt=Why%20You%20Need%20Visual%20Similarity%20To%20Prevent%20Phishing%20Lures&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAAB~&jid=632680538&gjid=1989167785&cid=276292916.1598880788&tid=UA-53083811-1&_gid=27469277.1598880788&_r=1&gtm=2wg8j25NWKDSR&z=1748114168 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-53083811-1&cid=276292916.1598880788&jid=632680538&_gid=27469277.1598880788&gjid=1989167785&_v=j83&z=1748114168 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-53083811-1&cid=276292916.1598880788&jid=632680538&_v=j83&z=1748114168 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-53083811-1&cid=276292916.1598880788&jid=632680538&_v=j83&z=1748114168&slf_rd=1&random=2192796427

Request Chain 90

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=21479&url=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_campaign%3Dtechtarget_nurture%26utm_medium%3Demail_04_body2%26mkt_tok%3DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9&time=1598880788525 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D21479%26url%3Dhttps%253A%252F%252Fironscales.com%252Fblog%252Fphishing-websites-using-visual-similarity-to-lure-victims%252F%253Futm_source%253Demail_nurture%2526utm_campaign%253Dtechtarget_nurture%2526utm_medium%253Demail_04_body2%2526mkt_tok%253DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9%26time%3D1598880788525%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=21479&url=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_campaign%3Dtechtarget_nurture%26utm_medium%3Demail_04_body2%26mkt_tok%3DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9&time=1598880788525&liSync=true

Request Chain 109

https://s.adroll.com/j/exp/7HNCXVM525FBDJRTW6VK7M/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 111

https://d.adroll.mgr.consensu.org/consent/iabcheck/7HNCXVM525FBDJRTW6VK7M?_s=1268cde6c2c8060a1129ef9318dafc63&_b=2 HTTP 302
https://d.adroll.com/consent/check/7HNCXVM525FBDJRTW6VK7M/?_s=1268cde6c2c8060a1129ef9318dafc63&_b=2

123 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK q2DH000BF40l5P04B0Qh00r Show response
msg.ironscales.com/ 694 B
830 B 726ms
702ms Document
text/html 52.88.88.165
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

http://msg.ironscales.com/q2DH000BF40l5P04B0Qh00r

Protocol

HTTP/1.1

Server

52.88.88.165 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx/1.4.6 (Ubuntu) /

Resource Hash

ca7e2d1dbd0e7d9ec970d62f933a22e2ce6248588aa719dca702e8b24499375a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Host: msg.ironscales.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 31 Aug 2020 13:33:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx/1.4.6 (Ubuntu)
Cache-Control: private, no-cache, no-store, max-age=0
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip

GET
H2 200 Primary Request / Show response
ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/ 81 KB
18 KB 581ms
184ms Document
text/html 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9

Requested by

Host: msg.ironscales.com
URL: http://msg.ironscales.com/q2DH000BF40l5P04B0Qh00r

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

756520d17240fe9e348523e5628dcca74828e0d8fc2bb75542cde9874cb2645b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: ironscales.com
:scheme: https
:path: /blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: http://msg.ironscales.com/q2DH000BF40l5P04B0Qh00r
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://msg.ironscales.com/q2DH000BF40l5P04B0Qh00r

Response headers

status: 200
date: Mon, 31 Aug 2020 13:33:07 GMT
content-type: text/html
server: nginx
last-modified: Sat, 29 Aug 2020 20:42:24 GMT
expires: Mon, 31 Aug 2020 13:37:37 GMT
cache-control: no-cache no-cache, no-store
strict-transport-security: max-age=63072000; preload
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-encoding: gzip

GET
H2 200 RedHatText-Regular.otf
ironscales.com/fonts/ 56 KB
57 KB 191ms
187ms Font
application/octet-stream 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/fonts/RedHatText-Regular.otf

Requested by

Host: ironscales.com
URL: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

99d89e61517085fec5ffb99f964e89544c9940864f5032ed7b16821168881647

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Origin: https://ironscales.com
Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:07 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 57388
x-xss-protection: 1; mode=block
pragma: public
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
etag: "5e45701a-e02c"
strict-transport-security: max-age=63072000; preload
content-type: application/octet-stream
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 cookieconsent.min.css
ironscales.com/plugins/cookieconsent2/ 4 KB
2 KB 364ms
359ms Stylesheet
text/css 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/cookieconsent2/cookieconsent.min.css?h=ab82b480

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

917deb54b8880710fc47abd93232c093cb473608eb454cbffe19d7f218c761a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 09 Aug 2018 06:56:14 GMT
server: nginx
x-frame-options: DENY
content-type: text/css
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 cookieconsent.min.js Show response
ironscales.com/plugins/cookieconsent2/ 19 KB
8 KB 334ms
318ms Script
application/x-javascript 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/cookieconsent2/cookieconsent.min.js?h=5d470f32

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e8aac0b7a7c3e3c17c621bf5bb24c098a602e4ad0c2867598f40d5ee49eca425

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 09 Aug 2018 06:56:14 GMT
server: nginx
x-frame-options: DENY
content-type: application/x-javascript
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 bootstrap-reboot.min.css
ironscales.com/plugins/bootstrap/dist/css/ 4 KB
2 KB 366ms
361ms Stylesheet
text/css 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/bootstrap/dist/css/bootstrap-reboot.min.css?h=990f4081

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

740458b82de9774c1affb4781e4b7fb11db37cb1c281b9d5010dac3f084d7b40

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: text/css
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 bootstrap-grid.min.css
ironscales.com/plugins/bootstrap/dist/css/ 47 KB
9 KB 365ms
360ms Stylesheet
text/css 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/bootstrap/dist/css/bootstrap-grid.min.css?h=4edd0125

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0fd02f47413390d668599552bc8ddc87eb9ffd9e62ceb22971bb32915a61c0f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: text/css
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 irn.css
ironscales.com/css/ 108 KB
22 KB 365ms
360ms Stylesheet
text/css 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/css/irn.css?h=b7aa9854

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

72ae122537d166d481e830a3a959c37f0802dc3626f02fc97967bec1a819b423

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 27 Aug 2020 19:49:18 GMT
server: nginx
x-frame-options: DENY
content-type: text/css
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 sm-core-css.css
ironscales.com/plugins/smartmenus/css/ 887 B
801 B 364ms
360ms Stylesheet
text/css 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/smartmenus/css/sm-core-css.css?h=ad6788c1

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

979bddf384e612e43d9adf9acc93dd1aaba02cf7ea54cd0cf2ea4381e6a63ef0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:47 GMT
server: nginx
x-frame-options: DENY
content-type: text/css
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 sm-mint.css
ironscales.com/plugins/smartmenus/css/sm-mint/ 11 KB
3 KB 363ms
359ms Stylesheet
text/css 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/smartmenus/css/sm-mint/sm-mint.css?h=4c80fb40

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

6705d9400604531f340784c8d7098be4f67c1b2391d08eb78d9def3d16b97653

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 19 May 2020 22:49:39 GMT
server: nginx
x-frame-options: DENY
content-type: text/css
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 jssocials.css
ironscales.com/plugins/jssocials/ 1 KB
735 B 365ms
361ms Stylesheet
text/css 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/jssocials/jssocials.css?h=25235a63

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

bdd9d2b1a18d8e20e32bbd0b98e617f0d97ef8537f05b6820325a04a0461b1e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:47 GMT
server: nginx
x-frame-options: DENY
content-type: text/css
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 jssocials-theme-minima.css
ironscales.com/plugins/jssocials/ 9 KB
1 KB 364ms
361ms Stylesheet
text/css 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/jssocials/jssocials-theme-minima.css?h=b5600ce4

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

31d5ecdab7ca70e756d2c6992135a68a3f678c6aec2cce12ac77a495e7213ae1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 Nov 2017 16:51:20 GMT
server: nginx
x-frame-options: DENY
content-type: text/css
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 css
fonts.googleapis.com/ 12 KB
1016 B 20ms
16ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Fira+Sans:300,300i,400,400i,500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

07cf529694d967a21c626b4b0a4cf087867f460a74b1e297951539de974b8941

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 13:33:07 GMT
server: ESF
date: Mon, 31 Aug 2020 13:33:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 31 Aug 2020 13:33:07 GMT

GET
H2 200 polyfill.js Show response
polyfill.io/v3/ 515 B
723 B 26ms
9ms Script
text/javascript 2a04:4e42:200::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.js?features=Symbol%2CObject.getOwnPropertySymbols%2CSymbol.asyncIterator%2CSymbol.for%2CSymbol.hasInstance%2CSymbol.isConcatSpreadable%2CSymbol.iterator%2CSymbol.keyFor%2CSymbol.match%2CSymbol.replace%2CSymbol.prototype.description%2CSymbol.search%2CSymbol.species%2CSymbol.split%2CSymbol.toPrimitive%2CSymbol.toStringTag%2CSymbol.unscopables

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::621 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

27f9ede97f4f869a890513bc9549dfb27ee838892aab7e5b7ecb73b5496d41c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 1448095
detected-user-agent: Chrome/83.0.4103
status: 200
request_came_from_shield: FRA
server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT-CLUSTER, fastly;desc="Edge time";dur=1
content-length: 242
referrer-policy: origin-when-cross-origin
last-modified: Fri, 14 Aug 2020 10:23:04 GMT
date: Mon, 31 Aug 2020 13:33:07 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/83.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 773 B
595 B 21ms
18ms Script
text/javascript 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LdV36AUAAAAAEIJ4sLJOqpAo1gGvK0Egs5JMMXh&onload=irn_render_v2_captchas&render=explicit

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

532dbaf595f0ca15600596aa7ef10947ad53fa3101b179afd27d71068475e320

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 503
x-xss-protection: 1; mode=block
expires: Mon, 31 Aug 2020 13:33:07 GMT

GET
H/1.1 200
OK L54a77f6679597466.js Show response
d26x5ounzdjojj.cloudfront.net/tbw/pixels/ 2 KB
2 KB 99ms
31ms Script
application/javascript 143.204.208.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d26x5ounzdjojj.cloudfront.net/tbw/pixels/L54a77f6679597466.js
Requested by: Host: ironscales.com
URL: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.208.197 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-208-197.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1683930fc1ffefde62012b4b55b483988a3d16535d6f733f97527f2dbcc1f0d6

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sun, 30 Aug 2020 23:25:15 GMT
Via: 1.1 3f6fbf009bb5cf969f92ba2e59576614.cloudfront.net (CloudFront)
Last-Modified: Tue, 23 Apr 2019 21:22:51 GMT
Server: AmazonS3
Age: 50873
ETag: "db6399a6748bed176d2d8074b7221b19"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA53-C1
Accept-Ranges: bytes
Content-Length: 1568
X-Amz-Cf-Id: 0yudCcumHv3JNxDCBE2XN3fkVNkaF14stHWfQzSL8bzSjZfFhxmNeQ==

GET
H2 200 forms2.min.js Show response
app-lon09.marketo.com/js/forms2/js/ 205 KB
68 KB 78ms
29ms Script
application/x-javascript 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-lon09.marketo.com/js/forms2/js/forms2.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.96.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f24c51a94a931f1bdd7c3dacc9ebb3848305f5eb5a3feddf0b01227f6c778c17

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1192
status: 200
cf-request-id: 04e651c4980000cda35bb1a200000001
last-modified: Wed, 22 Jul 2020 19:04:14 GMT
server: cloudflare
etag: "5c11dd-33237-5ab0c67dc4780"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 5cb71f1a8e8acda3-CDG
expires: Mon, 31 Aug 2020 17:33:07 GMT

GET
H2 200 slick.css
ironscales.com/plugins/slick/ 2 KB
942 B 364ms
361ms Stylesheet
text/css 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/slick/slick.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:47 GMT
server: nginx
x-frame-options: DENY
content-type: text/css
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 slick-theme.css
ironscales.com/plugins/slick/ 3 KB
1 KB 364ms
362ms Stylesheet
text/css 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/slick/slick-theme.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:47 GMT
server: nginx
x-frame-options: DENY
content-type: text/css
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 ironscales-logo-w-slogan.svg
ironscales.com/img/logos/ 29 KB
14 KB 334ms
319ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/logos/ironscales-logo-w-slogan.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ffb2ed5f41e1030978afdfbd2652a9263eca69657ed6bdc7e4d8962d88bf9c59

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 linked-in.svg
ironscales.com/img/icons/socials/ 502 B
679 B 334ms
319ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/socials/linked-in.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

31401db8663f8c528cdc48964e64784ff1f2f6c539281c6ccdeed18736bf99cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 facebook.svg
ironscales.com/img/icons/socials/ 287 B
569 B 334ms
319ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/socials/facebook.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0a010ab1080b149864b2fe49a7b0be107a83398fd0cb7e8163af59215968ec23

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 twitter.svg
ironscales.com/img/icons/socials/ 699 B
775 B 334ms
320ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/socials/twitter.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

5aec1442af41f697e3eea03e28a4237fc6457682f07542fcdb71cba7e1bc665f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 youtube.svg
ironscales.com/img/icons/socials/ 275 B
556 B 334ms
320ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/socials/youtube.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ab2e5351e295b309024701645167edf1f3db7f0b78802087f6f88fc8181a26ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 icon-yellow-platform.png
ironscales.com/blocks/menu-data// 1 KB
1 KB 334ms
320ms Image
image/png 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blocks/menu-data//icon-yellow-platform.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2964cc44f6962deb50e828d85bd3dbed098f73ebdab3d9d6acfba1eaf03bc56d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1176
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 28 Jul 2020 04:04:42 GMT
server: nginx
x-frame-options: DENY
etag: "5f1fa3da-498"
strict-transport-security: max-age=63072000; preload
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 phish.png
ironscales.com/blocks/menu-data/ 1 KB
2 KB 334ms
321ms Image
image/png 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blocks/menu-data/phish.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

6aaf88ca5a2ce642ac332365498091049ecb0b56994cc06a6e8a267c9c2e5f94

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1493
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 28 Jul 2020 04:04:42 GMT
server: nginx
x-frame-options: DENY
etag: "5f1fa3da-5d5"
strict-transport-security: max-age=63072000; preload
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 icon_emulator.png
ironscales.com/blocks/menu-data/ 3 KB
4 KB 358ms
345ms Image
image/png 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blocks/menu-data/icon_emulator.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2af953a3ea85989c41ade79fe80f4076a457b6767bd676daa9e3c1be45b66a77

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 3541
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 28 Jul 2020 04:04:42 GMT
server: nginx
x-frame-options: DENY
etag: "5f1fa3da-dd5"
strict-transport-security: max-age=63072000; preload
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 shield.png
ironscales.com/blocks/menu-data/ 1 KB
2 KB 359ms
345ms Image
image/png 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blocks/menu-data/shield.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

dca8ffcd5d9d0432a7d04099b090526d5b361e07eaade975de05c3d2d534c7ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1278
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 28 Jul 2020 04:04:42 GMT
server: nginx
x-frame-options: DENY
etag: "5f1fa3da-4fe"
strict-transport-security: max-age=63072000; preload
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 ironsights.png
ironscales.com/blocks/menu-data/ 2 KB
2 KB 359ms
345ms Image
image/png 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blocks/menu-data/ironsights.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2f0ebd4dd8cfa1bffaab501c03f130da31bba67697de77da5c300c7dba88ce28

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1629
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 28 Jul 2020 04:04:42 GMT
server: nginx
x-frame-options: DENY
etag: "5f1fa3da-65d"
strict-transport-security: max-age=63072000; preload
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 world.png
ironscales.com/blocks/menu-data/ 2 KB
2 KB 361ms
348ms Image
image/png 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blocks/menu-data/world.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9bc1c6870463b90e5ee4b67ec05ea6b718313f367bc014a33f07143577995ca6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1725
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 28 Jul 2020 04:04:42 GMT
server: nginx
x-frame-options: DENY
etag: "5f1fa3da-6bd"
strict-transport-security: max-age=63072000; preload
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 brain.png
ironscales.com/blocks/menu-data/ 2 KB
2 KB 361ms
348ms Image
image/png 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blocks/menu-data/brain.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e159b8427fb1c84e0b88db35fe205a17c4b529e58bc1a12aab2219d56b8a48ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1657
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 28 Jul 2020 04:04:42 GMT
server: nginx
x-frame-options: DENY
etag: "5f1fa3da-679"
strict-transport-security: max-age=63072000; preload
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 themis.png
ironscales.com/blocks/menu-data/ 2 KB
2 KB 360ms
347ms Image
image/png 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blocks/menu-data/themis.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b52ef42420ae4b652732a82263062cbbd160b90b87dcae633d7025250258d786

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1716
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 28 Jul 2020 04:04:42 GMT
server: nginx
x-frame-options: DENY
etag: "5f1fa3da-6b4"
strict-transport-security: max-age=63072000; preload
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 resize_office-365-fake-login-page.jpg
ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/ 79 KB
79 KB 360ms
347ms Image
image/jpeg 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/resize_office-365-fake-login-page.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

53a03983dfe6ee0c0047efb842b26ec005bebfb6939ea2ee54652159ee85fb30

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 80627
x-xss-protection: 1; mode=block
pragma: public
last-modified: Fri, 10 Apr 2020 03:01:22 GMT
server: nginx
x-frame-options: DENY
etag: "5e8fe182-13af3"
strict-transport-security: max-age=63072000; preload
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 blur_fake-office-365-login-page.jpg
ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/ 66 KB
66 KB 359ms
347ms Image
image/jpeg 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/blur_fake-office-365-login-page.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

784b1123d0378500abd7c0cf4b19998978d8542b003d38c0705877e97f23d113

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 67284
x-xss-protection: 1; mode=block
pragma: public
last-modified: Fri, 10 Apr 2020 03:01:22 GMT
server: nginx
x-frame-options: DENY
etag: "5e8fe182-106d4"
strict-transport-security: max-age=63072000; preload
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 creative_fake-office-365-login-page.jpg
ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/ 35 KB
36 KB 359ms
346ms Image
image/jpeg 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/creative_fake-office-365-login-page.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e35f2c4e49a5539fffe1d5760b5d0eb5f59ef819b688029d996e2c5593ec2e07

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 36268
x-xss-protection: 1; mode=block
pragma: public
last-modified: Fri, 10 Apr 2020 03:01:22 GMT
server: nginx
x-frame-options: DENY
etag: "5e8fe182-8dac"
strict-transport-security: max-age=63072000; preload
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 creative2_fake-office-365-login-page.jpg
ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/ 49 KB
49 KB 358ms
346ms Image
image/jpeg 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/creative2_fake-office-365-login-page.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e89f581fef71f1a952259ccf2e5db363de85ab3324efa408675096e745f93a06

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 50047
x-xss-protection: 1; mode=block
pragma: public
last-modified: Fri, 10 Apr 2020 03:01:22 GMT
server: nginx
x-frame-options: DENY
etag: "5e8fe182-c37f"
strict-transport-security: max-age=63072000; preload
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 retro_fake-office-365-login-page.jpg
ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/ 53 KB
54 KB 358ms
346ms Image
image/jpeg 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/retro_fake-office-365-login-page.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

20b80cb54fee262e87c2cde4aa9f9292ea82594df9e0ea990dade9bb6784f681

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 54375
x-xss-protection: 1; mode=block
pragma: public
last-modified: Fri, 10 Apr 2020 03:01:22 GMT
server: nginx
x-frame-options: DENY
etag: "5e8fe182-d467"
strict-transport-security: max-age=63072000; preload
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 sense-of-urgency_fake-office-365-login-page.jpg
ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/ 65 KB
66 KB 369ms
357ms Image
image/jpeg 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/sense-of-urgency_fake-office-365-login-page.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0c1a1c1fc493c1d57eef5ebb799169ab9cea63f550dd3f02b419eaadfd70757e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 66993
x-xss-protection: 1; mode=block
pragma: public
last-modified: Fri, 10 Apr 2020 03:01:22 GMT
server: nginx
x-frame-options: DENY
etag: "5e8fe182-105b1"
strict-transport-security: max-age=63072000; preload
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 real-login-page_office-365-login-page.jpg
ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/ 35 KB
36 KB 368ms
357ms Image
image/jpeg 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/real-login-page_office-365-login-page.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

8c18dfa681034302f722332c999f5b77e1949baebece922d63f7e3268a9f1c13

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 36286
x-xss-protection: 1; mode=block
pragma: public
last-modified: Fri, 10 Apr 2020 03:01:22 GMT
server: nginx
x-frame-options: DENY
etag: "5e8fe182-8dbe"
strict-transport-security: max-age=63072000; preload
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 ad-1.jpg
ironscales.com/blocks/blog/ 35 KB
35 KB 368ms
357ms Image
image/jpeg 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blocks/blog/ad-1.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2dbb0224fb1f918a87d886944f9cca709e324d57fc27201e62c405c51a2fca31

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 35626
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 28 Jul 2020 04:04:41 GMT
server: nginx
x-frame-options: DENY
etag: "5f1fa3d9-8b2a"
strict-transport-security: max-age=63072000; preload
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 apps-mobile.png
ironscales.com/blocks/blog/ 21 KB
22 KB 367ms
356ms Image
image/png 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blocks/blog/apps-mobile.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4e98a7d205cd00cb26a5c7defc747e0ef6eb8553f2f6ec3f8f5bf1530cf5bec3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 21933
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 28 Jul 2020 04:04:41 GMT
server: nginx
x-frame-options: DENY
etag: "5f1fa3d9-55ad"
strict-transport-security: max-age=63072000; preload
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 ad-2.jpg
ironscales.com/blocks/blog/ 25 KB
26 KB 367ms
356ms Image
image/jpeg 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blocks/blog/ad-2.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

46aa540f329f9bd3360679841713244fd83e7b67aa970dd79edb5f69b77e9990

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 25695
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 28 Jul 2020 04:04:41 GMT
server: nginx
x-frame-options: DENY
etag: "5f1fa3d9-645f"
strict-transport-security: max-age=63072000; preload
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 facebook-blue.svg
ironscales.com/img/icons/socials/ 392 B
628 B 366ms
355ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/socials/facebook-blue.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a0464a4a259702fe4f10712d5855e9eb3308d0b1621b18f0da31a19f986b52cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 twitter-blue.svg
ironscales.com/img/icons/socials/ 1 KB
946 B 365ms
354ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/socials/twitter-blue.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f46ce772d96a3784bfaec3a0eccb307769df339a4784033d03b1c8947ebd73c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 linkedin-blue.svg
ironscales.com/img/icons/socials/ 681 B
757 B 364ms
354ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/socials/linkedin-blue.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

5205f4a54c7197a10cb469255d5e19950c7fd98519c72aa27b4775753a52a056

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 logo-ironscales-pale-grey.svg
ironscales.com/img/logos/ 20 KB
5 KB 360ms
350ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/logos/logo-ironscales-pale-grey.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

1e3b519ced35877c58b1f442cf90829046eee37e2cdb94d69d38d35d421e364c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 linked-in-pale-grey.svg
ironscales.com/img/icons/socials/ 846 B
810 B 359ms
349ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/socials/linked-in-pale-grey.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

84af60691ad337be76a27bc232a4be3d6f7926a890a1a11a0a776a8e96ca2306

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 facebook-pale-grey.svg
ironscales.com/img/icons/socials/ 497 B
657 B 359ms
349ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/socials/facebook-pale-grey.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

bb69f0d12ae7cb3cfbbb836dfccbcf6e5677571c7c633bc31febceb4fe41846c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 twitter-pale-grey.svg
ironscales.com/img/icons/socials/ 942 B
842 B 358ms
349ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/socials/twitter-pale-grey.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

99edc6dceb902f19aa26fb5e5e2c8ccdf293d84b3faf5daa38f28e191bef5203

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 youtube-pale-grey.svg
ironscales.com/img/icons/socials/ 677 B
727 B 358ms
348ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/socials/youtube-pale-grey.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2e8e5d22dacefe63f5c5e3e5271de7c87d0f6e9f3fcd9f7b43024d8b4119e59e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 footer-iso-logo.png
ironscales.com/iron-attachments/menu/ 9 KB
10 KB 367ms
358ms Image
image/png 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/iron-attachments/menu/footer-iso-logo.png?v2

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ee51a258b519eb461f1bdbfd81e76e44e7fc37f750f5904bff812abf794356f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 9491
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 28 Jul 2020 04:04:42 GMT
server: nginx
x-frame-options: DENY
etag: "5f1fa3da-2513"
strict-transport-security: max-age=63072000; preload
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 image.png
ironscales.com/blocks/modals/exitintent_modals/emulator/ 26 KB
27 KB 367ms
358ms Image
image/png 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blocks/modals/exitintent_modals/emulator/image.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

499a55afdf504da273f9b95cc3ad86958f160da5fcebde1cfd325382228ef13a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 26935
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 28 Jul 2020 04:04:42 GMT
server: nginx
x-frame-options: DENY
etag: "5f1fa3da-6937"
strict-transport-security: max-age=63072000; preload
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 jquery.min.js Show response
ironscales.com/plugins/jquery/ 86 KB
35 KB 194ms
194ms Script
application/x-javascript 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/jquery/jquery.min.js?h=88523924

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:47 GMT
server: nginx
x-frame-options: DENY
content-type: application/x-javascript
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 bootstrap.min.js Show response
ironscales.com/plugins/bootstrap/dist/js/ 57 KB
19 KB 190ms
189ms Script
application/x-javascript 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/bootstrap/dist/js/bootstrap.min.js?h=6778fed3

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:47 GMT
server: nginx
x-frame-options: DENY
content-type: application/x-javascript
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 jquery.smartmenus.min.js Show response
ironscales.com/plugins/smartmenus/ 24 KB
9 KB 202ms
186ms Script
application/x-javascript 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/smartmenus/jquery.smartmenus.min.js?h=19df7028

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2fe668f50e1b19f758d3a06ac0c60b0e869c6b31fa1ab43190b6af3dd4f46b8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:47 GMT
server: nginx
x-frame-options: DENY
content-type: application/x-javascript
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 selection-sharer.css
ironscales.com/plugins/selection-sharer/ 7 KB
3 KB 203ms
187ms Stylesheet
text/css 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/selection-sharer/selection-sharer.css?h=a772839d

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

315c33c94a93b50cd6acfcfe7e8678a5e7ee381d82c6253af2d82de91347a228

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:47 GMT
server: nginx
x-frame-options: DENY
content-type: text/css
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 selection-sharer.js Show response
ironscales.com/plugins/selection-sharer/ 9 KB
3 KB 203ms
187ms Script
application/x-javascript 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/selection-sharer/selection-sharer.js?h=096db612

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0bcb34034069333dd04364cdb8f60bb4d741f1cdb1f0941eecb10970bfe24213

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:47 GMT
server: nginx
x-frame-options: DENY
content-type: application/x-javascript
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 jssocials.min.js Show response
ironscales.com/plugins/jssocials/ 9 KB
4 KB 204ms
188ms Script
application/x-javascript 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/jssocials/jssocials.min.js?h=f4a6d0b1

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e8d46dfb4ca0d270a4789461c199b3a7c7ce9ba6a733d6a4abc59ccdafa71170

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 Nov 2017 16:51:20 GMT
server: nginx
x-frame-options: DENY
content-type: application/x-javascript
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 irn.js Show response
ironscales.com/js/ 43 KB
13 KB 204ms
189ms Script
application/x-javascript 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/js/irn.js?h=90ccce02

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e426b97287b55ba93461f695ee56599c817c3faafad90bf55cb3956979ed3dfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 19 Aug 2020 17:30:41 GMT
server: nginx
x-frame-options: DENY
content-type: application/x-javascript
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 teknkl-simpledto-1.0.4.js Show response
ironscales.com/plugins/marketo/ 2 KB
2 KB 206ms
191ms Script
application/x-javascript 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/marketo/teknkl-simpledto-1.0.4.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

378ab8d9a44d2be7565da804a20b5e6229694d3332e97b92c770675dd379042f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 20 Mar 2020 14:44:46 GMT
server: nginx
x-frame-options: DENY
content-type: application/x-javascript
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 irn-react-app.js Show response
ironscales.com/js/react-dist/ 340 KB
114 KB 207ms
191ms Script
application/x-javascript 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/js/react-dist/irn-react-app.js?h=f6bf93d6

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0e905a3e0020faf88b290260057a76ea7692bd4f13a0c9ea0b1dbcdce96d4457

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 29 Aug 2020 00:55:50 GMT
server: nginx
x-frame-options: DENY
content-type: application/x-javascript
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 jquery.cookie.js Show response
get.ironscales.com/js/public/ 4 KB
2 KB 222ms
39ms Script
application/x-javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://get.ironscales.com/js/public/jquery.cookie.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59368688c89a33cbc89724cd2c2021c1ec1eefb8f88992e77cb8f8fc77aff5cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3703
status: 200
content-length: 1493
cf-request-id: 04e651c7320000047eb9b18200000001
last-modified: Wed, 22 Jul 2020 19:04:05 GMT
server: cloudflare
etag: "2210b5-1097-5ab0c6752f340"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 5cb71f1ebd7f047e-CDG
expires: Mon, 31 Aug 2020 17:33:08 GMT

GET
H2 200 jQueryString-2.0.2-Min.js Show response
get.ironscales.com/js/public/ 1 KB
773 B 223ms
39ms Script
application/x-javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://get.ironscales.com/js/public/jQueryString-2.0.2-Min.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4f214d5cd7651531508e62b3e2a852a3e17114a4f49c0dafa5ef9af512c843c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3703
status: 200
content-length: 464
cf-request-id: 04e651c7330000047eb9b19200000001
last-modified: Wed, 22 Jul 2020 19:04:05 GMT
server: cloudflare
etag: "2210a5-522-5ab0c6752f340"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 5cb71f1ebd83047e-CDG
expires: Mon, 31 Aug 2020 17:33:08 GMT

GET
H2 200 jquery.exitintent.js Show response
ironscales.com/plugins/exitintent/ 2 KB
900 B 333ms
318ms Script
application/x-javascript 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/exitintent/jquery.exitintent.js?h=74569c82

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d406c36819ce680fc36255ce69e8d5a8e4a4dd99acd804fc8f7709d970c153f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 29 Jun 2020 17:51:45 GMT
server: nginx
x-frame-options: DENY
content-type: application/x-javascript
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:38 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/QVh-Tz10ahidjrORgXOS1oB0/ 337 KB
132 KB 15ms
6ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/QVh-Tz10ahidjrORgXOS1oB0/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LdV36AUAAAAAEIJ4sLJOqpAo1gGvK0Egs5JMMXh&onload=irn_render_v2_captchas&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

919ce225464d5e8d79944356fcaa74323a12f8fc847eec6c7a877f9e752f7fb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 24 Aug 2020 21:36:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Aug 2020 04:38:28 GMT
server: sffe
age: 575771
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135073
x-xss-protection: 0
expires: Tue, 24 Aug 2021 21:36:57 GMT

GET
H2 200 icon_search.svg
ironscales.com/img/icons/ 754 B
796 B 367ms
359ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/icon_search.svg

Requested by

Host: ironscales.com
URL: https://ironscales.com/css/irn.css?h=b7aa9854

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c3488adc1085dc5bfd98e0fed39687ee2693199b933f3f919acea2658418514e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/css/irn.css?h=b7aa9854
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 05 May 2020 02:14:56 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 real-login-page_office-365-login-page.jpg
ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims// 35 KB
36 KB 367ms
359ms Image
image/jpeg 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims//real-login-page_office-365-login-page.jpg?v=2020-04-14a

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

8c18dfa681034302f722332c999f5b77e1949baebece922d63f7e3268a9f1c13

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 36286
x-xss-protection: 1; mode=block
pragma: public
last-modified: Fri, 10 Apr 2020 03:01:22 GMT
server: nginx
x-frame-options: DENY
etag: "5e8fe182-8dbe"
strict-transport-security: max-age=63072000; preload
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 free-it-security-tools.png
ironscales.com/blog/free-phishing-url-scanner-stop-fake-login-attacks/ 847 KB
848 KB 366ms
358ms Image
image/png 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blog/free-phishing-url-scanner-stop-fake-login-attacks/free-it-security-tools.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

16f45d13e31204c9af864b9a3c4171ce024912edb20e36309e11d6c2ce3f527b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 867247
x-xss-protection: 1; mode=block
pragma: public
last-modified: Thu, 06 Aug 2020 03:36:21 GMT
server: nginx
x-frame-options: DENY
etag: "5f2b7ab5-d3baf"
strict-transport-security: max-age=63072000; preload
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 linkedin-fake-login.jpg
ironscales.com/blog/fake-login-pages-spoof-prominent-brands-phishing-attacks/ 2 MB
2 MB 367ms
360ms Image
image/jpeg 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blog/fake-login-pages-spoof-prominent-brands-phishing-attacks/linkedin-fake-login.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4ba78cad3b10a0435c4744e6b2c42839738ae0349f6d59a3e7fb2a9216b0e226

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1639436
x-xss-protection: 1; mode=block
pragma: public
last-modified: Mon, 24 Aug 2020 14:45:11 GMT
server: nginx
x-frame-options: DENY
etag: "5f43d277-19040c"
strict-transport-security: max-age=63072000; preload
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 RedHatText-Medium.otf
ironscales.com/fonts/ 57 KB
57 KB 365ms
359ms Font
application/octet-stream 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/fonts/RedHatText-Medium.otf

Requested by

Host: ironscales.com
URL: https://ironscales.com/css/irn.css?h=b7aa9854

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

defbb0dec48dbc91321c5a92128509816d8e8b77e085456782a883c4463b2810

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Origin: https://ironscales.com
Referer: https://ironscales.com/css/irn.css?h=b7aa9854
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 58308
x-xss-protection: 1; mode=block
pragma: public
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
etag: "5e45701a-e3c4"
strict-transport-security: max-age=63072000; preload
content-type: application/octet-stream
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 DINAlternate-Bold.otf
ironscales.com/fonts/ 29 KB
29 KB 365ms
359ms Font
application/octet-stream 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/fonts/DINAlternate-Bold.otf

Requested by

Host: ironscales.com
URL: https://ironscales.com/css/irn.css?h=b7aa9854

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

aeb43a370be31e01b91498645292b9044eae37f5ffdd1d3c72f89948e13384c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Origin: https://ironscales.com
Referer: https://ironscales.com/css/irn.css?h=b7aa9854
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 29204
x-xss-protection: 1; mode=block
pragma: public
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
etag: "5e45701a-7214"
strict-transport-security: max-age=63072000; preload
content-type: application/octet-stream
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d85943f9a3e66ded0349113d8aaac99a3158b3e604f9c8041e82aea681ccdbcd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2caa0ed2d3622d9969bf2ffada067adc6194aed5d87ed36ca352b313d5c54910

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 376 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4842ef7436621848a836428439486a2f2e0b346ce5a8b4b9e3c79e46ac9032bf

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H2 200 facebook-blue.svg
ironscales.com/img/icons/socials/ 392 B
628 B 300ms
296ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/socials/facebook-blue.svg?v1

Requested by

Host: ironscales.com
URL: https://ironscales.com/css/irn.css?h=b7aa9854

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

a0464a4a259702fe4f10712d5855e9eb3308d0b1621b18f0da31a19f986b52cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/css/irn.css?h=b7aa9854
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 twitter-blue.svg
ironscales.com/img/icons/socials/ 1 KB
946 B 300ms
297ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/socials/twitter-blue.svg?v1

Requested by

Host: ironscales.com
URL: https://ironscales.com/css/irn.css?h=b7aa9854

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f46ce772d96a3784bfaec3a0eccb307769df339a4784033d03b1c8947ebd73c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/css/irn.css?h=b7aa9854
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 linkedin-blue.svg
ironscales.com/img/icons/socials/ 681 B
757 B 300ms
297ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/socials/linkedin-blue.svg?v1

Requested by

Host: ironscales.com
URL: https://ironscales.com/css/irn.css?h=b7aa9854

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

5205f4a54c7197a10cb469255d5e19950c7fd98519c72aa27b4775753a52a056

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/css/irn.css?h=b7aa9854
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 145 KB
49 KB 46ms
45ms Script
application/javascript 2a00:1450:4001:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5NWKDSR

Requested by

Host: ironscales.com
URL: https://ironscales.com/js/irn.js?h=90ccce02

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2f517129448cda16f0e393da72d07918d61ee78f9e644c15e535ab76b3da36e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49581
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 31 Aug 2020 13:33:08 GMT

GET
H2 200 getForm Show response
app-lon09.marketo.com/index.php/form/ 3 KB
2 KB 378ms
377ms Script
application/javascript 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-lon09.marketo.com/index.php/form/getForm?munchkinId=954-HBD-655&form=26&url=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F&callback=jQuery112409274176115087405_1598880788068&_=1598880788069

Requested by

Host: app-lon09.marketo.com
URL: https://app-lon09.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.96.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b567a34b05f370632f24f2e30be12afb778641fa521df6934a0c407da53b05e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cached: false
strict-transport-security: max-age=63113904
cf-ray: 5cb71f1f0910cda3-CDG
cf-request-id: 04e651c7610000cda35bb42200000001

GET
H2 200 arrow-right-dark.png
ironscales.com/img/icons/ 247 B
597 B 277ms
275ms Image
image/png 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/arrow-right-dark.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b916b2e0fe286bd873f470d227a5bd3415b8f04fd304fdf317e426b42ebae780

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 247
x-xss-protection: 1; mode=block
pragma: public
last-modified: Fri, 10 Apr 2020 03:01:22 GMT
server: nginx
x-frame-options: DENY
etag: "5e8fe182-f7"
strict-transport-security: max-age=63072000; preload
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 arrow-right.svg
ironscales.com/img/icons/ 245 B
534 B 277ms
275ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/arrow-right.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

33fcfc6403f3961b703d6b742f9f0732b3c83dd0c73a444cb2c759ce49e8e0b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 arrow-right-dark-simple.svg
ironscales.com/img/icons/ 344 B
585 B 277ms
276ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/arrow-right-dark-simple.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

430078364d0a1f8ed220fac73ad7c4a784d16ea9933436c31c6f00f1dc3c897f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 arrow-right-blue-simple.svg
ironscales.com/img/icons/ 344 B
586 B 277ms
276ms Image
image/svg+xml 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/arrow-right-blue-simple.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

afce2007ecd0cb8c9f401e5e43f837dbc1b90d95d7feb4340409094df3c4dd91

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 Feb 2020 15:49:46 GMT
server: nginx
x-frame-options: DENY
content-type: image/svg+xml
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5NWKDSR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 1048
date: Mon, 31 Aug 2020 13:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Mon, 31 Aug 2020 15:15:40 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 29 KB
12 KB 114ms
38ms Script
text/javascript 172.217.23.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5NWKDSR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

509bc86c3091dae312dbaa4d1f3aa0d23d1e36658c4c740f133979e943467f87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11322
x-xss-protection: 0
server: cafe
etag: 12800975097695341278
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 31 Aug 2020 13:33:08 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 60ms
40ms Script
application/x-javascript 2a02:26f0:10c:382::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5NWKDSR
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:382::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 31 Aug 2020 13:33:08 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=24776
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 115ms
37ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5NWKDSR
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
age: 48551
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1958
x-served-by: cache-fra19163-FRA
last-modified: Mon, 10 Aug 2020 18:10:59 GMT
x-timer: S1598880788.488015,VS0,VE0
etag: "a4cc3f907681b24a3efd540acd5d2996+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 hotjar-250997.js Show response
static.hotjar.com/c/ 5 KB
2 KB 56ms
56ms Script
application/javascript 147.75.102.203
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-250997.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5NWKDSR

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.75.102.203 Central, Hong Kong, ASN54825 (PACKET, US),

Reverse DNS

pkt-ams-k2-shared-ingress15

Software

Resource Hash

5bf97cc4469c3d16f4496257c9e01e1c54e19e9838107027dd76f36f4a149b46

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: br
x-content-type-options: nosniff
content-type: application/javascript
section-io-tag: hotjarjs
age: 0
status: 200
section-io-cache: Miss
vary: Accept-Encoding
cache-control: max-age=60
etag: W/e6afab9c058aaf735293fcec16434480
access-control-max-age: 600
section-io-origin-status: 304
access-control-allow-origin: *
x-cache-hit: 1
section-io-origin-time-seconds: 0.020
accept-ranges: bytes
section-io-id: 18229854a4a8a6b8bba3e5830cfbc71f
section-origin-responded: true

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 99ms
31ms Script
application/x-javascript 104.109.95.62
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: msg.ironscales.com
URL: http://msg.ironscales.com/q2DH000BF40l5P04B0Qh00r
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.95.62 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-109-95-62.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 31 Aug 2020 13:33:08 GMT
Content-Encoding: gzip
Last-Modified: Wed, 05 Aug 2020 03:11:00 GMT
Server: AkamaiNetStorage
ETag: "a67ed8ce0a86706b9f73a86806ce5bd3:1596597060.25158"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H2 200 fs.js Show response
edge.fullstory.com/s/ 197 KB
60 KB 95ms
27ms Script
application/javascript 35.201.112.186
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/fs.js
Requested by: Host: msg.ironscales.com
URL: http://msg.ironscales.com/q2DH000BF40l5P04B0Qh00r
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: dd41e1d8a4bf143bd7aa909c1279541dc4cf92870a3fd911f646aa55d64b151b

Request headers

Origin: https://ironscales.com
Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:24:42 GMT
content-encoding: gzip
age: 506
x-guploader-uploadid: ABg5-UzP4FhMP3gvwLs8VzJYPIvXCTICR8trsxbfiZFpxK3y89pd_b-U41V_Q1ptydwhT_qLz3clh8XRLOu_-LdI5N_hHyjljg
x-goog-storage-class: MULTI_REGIONAL
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 60855
last-modified: Mon, 24 Aug 2020 18:23:17 GMT
server: UploadServer
etag: "2b1509bd23d31abc5d47587db3841054"
x-goog-hash: crc32c=wMRXSw==, md5=KxUJvSPTGrxdR1h9s4QQVA==
x-goog-generation: 1598293397311132
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=600,no-transform
x-goog-stored-content-length: 60855
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 31 Aug 2020 13:34:42 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=133917740&t=pageview&_s=1&dl=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-53083811-1&cid=276292916.1598880788&jid=632680538&_gid=27469277.1598880788&gjid=1989167785&_v=j83&z=1748114168
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-53083811-1&cid=276292916.1598880788&jid=632680538&_v=j83&z=1748114168
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-53083811-1&cid=276292916.1598880788&jid=632680538&_v=j83&z=1748114168&slf_rd=1&random=2192796427

42 B
106 B

19ms
18ms

Image
image/gif

2a00:1450:4001:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-53083811-1&cid=276292916.1598880788&jid=632680538&_v=j83&z=1748114168&slf_rd=1&random=2192796427

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-53083811-1&cid=276292916.1598880788&jid=632680538&_v=j83&z=1748114168&slf_rd=1&random=2192796427
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=21479&url=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_ca...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D21479%26url%3Dhttps%253A%252F%252Fironscales.com%252Fblog%252Fphishing-websites-u...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=21479&url=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_ca...

0
58 B

132ms
132ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=21479&url=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_campaign%3Dtechtarget_nurture%26utm_medium%3Demail_04_body2%26mkt_tok%3DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9&time=1598880788525&liSync=true
Requested by: Host: ironscales.com
URL: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: W3ZlM5tdMBYA0u/l3SoAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: 7UbVLZtdMBbACogb1CoAAA==
pragma: no-cache
x-li-pop: afd-prod-edc2
x-msedge-ref: Ref A: E3A2C590BF8941E1B6B8BB2ADB670F7B Ref B: FRAEDGE1114 Ref C: 2020-08-31T13:33:08Z
x-frame-options: sameorigin
date: Mon, 31 Aug 2020 13:33:08 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=21479&url=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_campaign%3Dtechtarget_nurture%26utm_medium%3Demail_04_body2%26mkt_tok%3DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9&time=1598880788525&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 modules.650467f8f8ec9593c386.js Show response
script.hotjar.com/ 358 KB
70 KB 29ms
29ms Script
application/javascript 147.75.102.203
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.hotjar.com/modules.650467f8f8ec9593c386.js
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-250997.js?sv=7
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.102.203 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k2-shared-ingress15
Software: /
Resource Hash: 0b3d5db703bd371c6856cd937444a918c24c8336cb568bcbce18dad2c937e832

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: br
age: 29547
status: 200
section-io-cache: Hit
content-length: 71528
last-modified: Fri, 28 Aug 2020 10:02:38 GMT
etag: "84e0f7e2c11e8ced849ee945f369745c"
vary: Accept-Encoding
section-io-origin-status: 200
access-control-allow-origin: *
cache-control: max-age=31536000
section-io-origin-time-seconds: 0.137
section-io-id: 89715ba1c5ec182786e6272c376497d7
accept-ranges: bytes
content-type: application/javascript
section-origin-responded: true

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/159/ 11 KB
5 KB 32ms
31ms Script
application/x-javascript 104.109.95.62
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/159/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.95.62 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-109-95-62.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 31 Aug 2020 13:33:08 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 May 2020 02:24:14 GMT
Server: AkamaiNetStorage
ETag: "79274ffc293e4f76fc372b953f780d16:1588904654.430334"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4810
Expires: Wed, 09 Dec 2020 13:33:08 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/876740003/ 3 KB
1 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:81b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/876740003/?random=1598880788531&cv=9&fst=1598880788531&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8j2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_campaign%3Dtechtarget_nurture%26utm_medium%3Demail_04_body2%26mkt_tok%3DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9&ref=http%3A%2F%2Fmsg.ironscales.com%2Fq2DH000BF40l5P04B0Qh00r&tiba=Why%20You%20Need%20Visual%20Similarity%20To%20Prevent%20Phishing%20Lures&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9035b02d7269d2d34640515215bdb6922b237725b7191a4955cf6440daf63d04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1355
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
448 B 192ms
136ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o0ccx&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_campaign%3Dtechtarget_nurture%26utm_medium%3Demail_04_body2%26mkt_tok%3DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 108
pragma: no-cache
last-modified: Mon, 31 Aug 2020 13:33:08 GMT
server: tsa_f
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 9c7dee29bc963f30b076b98265262771
x-transaction: 00521dd200c24302
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H2 202 page Show response
rs.fullstory.com/rec/ 51 B
225 B 201ms
140ms XHR
text/plain 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rs.fullstory.com/rec/page

Requested by

Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.194.58 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

58.194.186.35.bc.googleusercontent.com

Software

Resource Hash

ff1786c9598f483524c56cabe6b85da81d58e021bcce23b199be9c5c16d515df

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
via: 1.1 google
x-content-type-options: nosniff
status: 202
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://ironscales.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 51

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/876740003/ 42 B
122 B 26ms
25ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/876740003/?random=1598880788531&cv=9&fst=1598878800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8j2&sendb=1&frm=0&url=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_campaign%3Dtechtarget_nurture%26utm_medium%3Demail_04_body2%26mkt_tok%3DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9&ref=http%3A%2F%2Fmsg.ironscales.com%2Fq2DH000BF40l5P04B0Qh00r&tiba=Why%20You%20Need%20Visual%20Similarity%20To%20Prevent%20Phishing%20Lures&async=1&fmt=3&is_vtc=1&random=355067978&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/876740003/ 42 B
107 B 21ms
20ms Image
image/gif 2a00:1450:4001:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/876740003/?random=1598880788531&cv=9&fst=1598878800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8j2&sendb=1&frm=0&url=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_campaign%3Dtechtarget_nurture%26utm_medium%3Demail_04_body2%26mkt_tok%3DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9&ref=http%3A%2F%2Fmsg.ironscales.com%2Fq2DH000BF40l5P04B0Qh00r&tiba=Why%20You%20Need%20Visual%20Similarity%20To%20Prevent%20Phishing%20Lures&async=1&fmt=3&is_vtc=1&random=355067978&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK visitWebPage Show response
954-hbd-655.mktoresp.com/webevents/ 2 B
475 B 217ms
40ms XHR
text/plain 134.213.193.62
RACKSPACE-LON

General

Check archive.org

Show headers Download Go to

Full URL: https://954-hbd-655.mktoresp.com/webevents/visitWebPage?_mchNc=1598880788565&_mchCn=&_mchId=954-HBD-655&_mchTk=_mch-ironscales.com-1598880788564-85617&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9&_mchHo=ironscales.com&_mchPo=&_mchRu=%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F&_mchPc=https%3A&_mchVr=159&_mchEcid=&_mchHa=&_mchRe=http%3A%2F%2Fmsg.ironscales.com%2Fq2DH000BF40l5P04B0Qh00r&_mchQp=utm_source%3Demail_nurture__-__utm_campaign%3Dtechtarget_nurture__-__utm_medium%3Demail_04_body2__-__mkt_tok%3DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/159/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 134.213.193.62 , United Kingdom, ASN15395 (RACKSPACE-LON, GB),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 31 Aug 2020 13:33:08 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: f3dbe2d8-7d76-4e2b-8d25-fdad5874cecd

GET
H2 200 dtp-104.html Show response
get.ironscales.com/ Frame E2E4 2 KB
971 B 575ms
574ms Document
text/html 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://get.ironscales.com/dtp-104.html?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9

Requested by

Host: ironscales.com
URL: https://ironscales.com/plugins/marketo/teknkl-simpledto-1.0.4.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dedebe1a94a10aa12891fde263d12be13ac8779a1af5ba8454cd9d1419db384

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: get.ironscales.com
:scheme: https
:path: /dtp-104.html?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=dc21b0cc216d547f71573bd6507b22d0c1598880788; __cf_bm=8337019cc9d617bbdecb0f03da9ec30a4bd85d9c-1598880788-1800-AYs3A907CrJBT1Tm7bH8PM+BfUKLF7oxKt4G/A6XFa0gUrRcwN2H5/5o8MkAgVsIik4EIopi36orYIJDESwjVzM=; _gcl_au=1.1.1798277842.1598880788; _ga=GA1.2.276292916.1598880788; _gid=GA1.2.27469277.1598880788; _gat_UA-53083811-1=1; _mkto_trk=id:954-HBD-655&token:_mch-ironscales.com-1598880788564-85617; _hjid=6f619798-e13a-4d08-999b-fffcab424940
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9

Response headers

status: 200
date: Mon, 31 Aug 2020 13:33:09 GMT
content-type: text/html; charset=utf-8
p3p: CP="CAO CURa ADMa DEVa TAIa OUR IND UNI COM NAV INT"
vary: *,Accept-Encoding
x-content-type-options: nosniff
x-cache-status: BYPASS
x-mkto-nginx-cache: false
set-cookie: RSMKTO1=3204520876.47617.0000; path=/; Httponly; Secure
cf-cache-status: DYNAMIC
cf-request-id: 04e651c8b40000047eb9b42200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5cb71f212bfa047e-CDG
content-encoding: gzip

GET
H2 200 ei.js Show response
web-analytics.engagio.com/js/ 1 KB
1 KB 340ms
117ms Script
application/javascript 18.214.205.154
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://web-analytics.engagio.com/js/ei.js
Requested by: Host: ironscales.com
URL: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.205.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: ac3eabbaf8163e35b29458577bf04ff6d9e254b69dab0130d242edf69d29b8ec

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 31 Aug 2020 13:33:08 GMT
cache-control: max-age=0
last-modified: Tue, 04 Aug 2020 05:28:07 GMT
content-length: 1077
vary: Origin
content-type: application/javascript; charset=utf-8

GET
H2 200 search_bg.jpg
ironscales.com/img/search/ 88 KB
88 KB 624ms
624ms Image
image/jpeg 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/search/search_bg.jpg?v1

Requested by

Host: ironscales.com
URL: https://ironscales.com/css/irn.css?h=b7aa9854

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

51993fe07a5b5443dbfae48d83eaa60a9d01b891d48f0599196818ed51c1807c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/css/irn.css?h=b7aa9854
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 89732
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 05 May 2020 02:14:56 GMT
server: nginx
x-frame-options: DENY
etag: "5eb0cc20-15e84"
strict-transport-security: max-age=63072000; preload
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 magnifying_glass2.png
ironscales.com/img/icons/ 6 KB
7 KB 625ms
624ms Image
image/png 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/img/icons/magnifying_glass2.png

Requested by

Host: ironscales.com
URL: https://ironscales.com/css/irn.css?h=b7aa9854

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7af80b7ee029da9fd729ac842b62f25d892c6cec9c3ee4bc2c5a521078c17461

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/css/irn.css?h=b7aa9854
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 6637
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 05 May 2020 02:14:56 GMT
server: nginx
x-frame-options: DENY
etag: "5eb0cc20-19ed"
strict-transport-security: max-age=63072000; preload
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:39 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
651 B 212ms
149ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o0ccx&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_campaign%3Dtechtarget_nurture%26utm_medium%3Demail_04_body2%26mkt_tok%3DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 115
pragma: no-cache
last-modified: Mon, 31 Aug 2020 13:33:08 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 9c412a50eaa287a6c164309c489745bb
x-transaction: 0093170f00eb440a
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H3-Q050 200 anchor
www.google.com/recaptcha/api2/ Frame F865 0
0 40ms
39ms Document
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdV36AUAAAAAEIJ4sLJOqpAo1gGvK0Egs5JMMXh&co=aHR0cHM6Ly9pcm9uc2NhbGVzLmNvbTo0NDM.&hl=en&v=QVh-Tz10ahidjrORgXOS1oB0&size=invisible&cb=qq1wfyclggw

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/QVh-Tz10ahidjrORgXOS1oB0/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-xVOkXOkoi0Nd33RpPz2WLg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LdV36AUAAAAAEIJ4sLJOqpAo1gGvK0Egs5JMMXh&co=aHR0cHM6Ly9pcm9uc2NhbGVzLmNvbTo0NDM.&hl=en&v=QVh-Tz10ahidjrORgXOS1oB0&size=invisible&cb=qq1wfyclggw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 31 Aug 2020 13:33:08 GMT
content-security-policy: script-src 'report-sample' 'nonce-xVOkXOkoi0Nd33RpPz2WLg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9059
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 38 KB
12 KB 119ms
38ms Script
text/javascript 104.108.144.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5NWKDSR
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.144.126 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-126.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e3707edca98715fc3fe7ea36b15c506641b4c380e7e6c4d8ebb9e288f1438ff8

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: CeVUvvucPy3Id6wu3pm.U9kY8oddI4fW
Content-Encoding: gzip
ETag: "d78a05d3ec6a770650daa2185ccbc352"
x-amz-request-id: AR5H0H0WBN7M3Z5M
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 11962
x-amz-id-2: M93StxvvSqMxMsj+xy9yc6/AzzLsqM+G9sD8qeZqrxLh0uwhVbmeri750Q0Y8g/i85pm3VGzATE=
Last-Modified: Wed, 19 Aug 2020 17:39:39 GMT
Server: AmazonS3
Date: Mon, 31 Aug 2020 13:33:08 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 forms2.css
app-lon09.marketo.com/js/forms2/css/ 13 KB
3 KB 30ms
30ms Stylesheet
text/css 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-lon09.marketo.com/js/forms2/css/forms2.css

Requested by

Host: app-lon09.marketo.com
URL: https://app-lon09.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.96.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 807
status: 200
content-length: 2623
cf-request-id: 04e651c8fb0000cda35bb52200000001
last-modified: Wed, 22 Jul 2020 19:04:14 GMT
server: cloudflare
etag: "2210da-3437-5ab0c67dc4780"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 5cb71f219f77cda3-CDG
expires: Mon, 31 Aug 2020 17:33:08 GMT

GET
H2 200 forms2-theme-simple.css
app-lon09.marketo.com/js/forms2/css/ 826 B
354 B 31ms
30ms Stylesheet
text/css 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-lon09.marketo.com/js/forms2/css/forms2-theme-simple.css

Requested by

Host: app-lon09.marketo.com
URL: https://app-lon09.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.96.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 807
status: 200
vary: Accept-Encoding
content-length: 242
cf-request-id: 04e651c8fb0000cda35bb53200000001
last-modified: Wed, 22 Jul 2020 19:04:14 GMT
server: cloudflare
etag: "2210de-33a-5ab0c67dc4780"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63113904
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 5cb71f219f78cda3-CDG
expires: Mon, 31 Aug 2020 17:33:08 GMT

GET
H2 200 box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame 7B26 0
0 36ms
34ms Document
text/html 147.75.102.203
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-250997.js?sv=7
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.102.203 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k2-shared-ingress15
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9

Response headers

status: 200
date: Mon, 31 Aug 2020 13:33:08 GMT
content-type: text/html
content-length: 851
last-modified: Tue, 18 Aug 2020 07:00:06 GMT
etag: "d594f1d4c3e5dbd6b556c60d34e0daea"
cache-control: max-age=31536000
content-encoding: br
section-io-origin-status: 200
section-io-origin-time-seconds: 0.086
section-origin-responded: true
age: 1146625
vary: Accept-Encoding
section-io-cache: Hit
accept-ranges: bytes
section-io-id: 1b5cc40dc2cb5ac3ed781c1807752de9

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/7HNCXVM525FBDJRTW6VK7M/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

36ms
36ms

Script
application/javascript

104.108.144.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Requested by: Host: ironscales.com
URL: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.144.126 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-126.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 2U8XMvdFINXJNFsilaXONuSvqmREKV3.
Content-Encoding: gzip
ETag: "5816cced8568d223aa09d889f300692b"
x-amz-request-id: D5A597EE0833E431
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 48
x-amz-id-2: iT3AhVCvxCGoaPfY8HWIkM+GU3mNP4ORsXGNqf4gQ1UZT/dCJfOSjlPhibGxfAau3OKpQ+gqwXA=
Last-Modified: Fri, 31 Jul 2020 16:11:15 GMT
Server: AmazonS3
Date: Mon, 31 Aug 2020 13:33:09 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Mon, 31 Aug 2020 13:33:09 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/7HNCXVM525FBDJRTW6VK7M/EV55TG6UKZBHRMSFGFTBSJ/ 1 KB
1 KB 110ms
37ms Script
text/javascript 104.108.144.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/7HNCXVM525FBDJRTW6VK7M/EV55TG6UKZBHRMSFGFTBSJ/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.144.126 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-126.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 2X7dAYBwNgDnHmh5zILJwNcSoP4bFiff
Content-Encoding: gzip
ETag: "3996d65282dd996ee0d7d4c90c139158"
x-amz-request-id: 7X0K4ZAM4V0Q6JFM
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 635
x-amz-id-2: fq4oICUV6H8HOMQBUJA2yjYxYp4rDfT0SZ4Zvvr5THUqzy+T6DlJNxvCZOAVFfnlyf5jTl92xEI=
Last-Modified: Sun, 30 Aug 2020 17:44:19 GMT
Server: AmazonS3
Date: Mon, 31 Aug 2020 13:33:09 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/7HNCXVM525FBDJRTW6VK7M/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/7HNCXVM525FBDJRTW6VK7M?_s=1268cde6c2c8060a1129ef9318dafc63&_b=2
https://d.adroll.com/consent/check/7HNCXVM525FBDJRTW6VK7M/?_s=1268cde6c2c8060a1129ef9318dafc63&_b=2

385 B
477 B

41ms
40ms

Script
application/javascript

54.171.23.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/7HNCXVM525FBDJRTW6VK7M/?_s=1268cde6c2c8060a1129ef9318dafc63&_b=2
Requested by: Host: ironscales.com
URL: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.23.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 71a1ec6ae430a48b1e2c79215280e2606f8d269b9df2fbbd9bfe0d2ea0878381

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 31 Aug 2020 13:33:09 GMT
server: nginx/1.16.1
content-length: 385
content-type: application/javascript

Redirect headers

status: 302
date: Mon, 31 Aug 2020 13:33:09 GMT
server: nginx/1.16.1
content-length: 105
location: https://d.adroll.com/consent/check/7HNCXVM525FBDJRTW6VK7M/?_s=1268cde6c2c8060a1129ef9318dafc63&_b=2

GET
H2 200 XDFrame
app-lon09.marketo.com/index.php/form/ Frame 7556 0
0 44ms
44ms Document
text/html 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-lon09.marketo.com/index.php/form/XDFrame

Requested by

Host: app-lon09.marketo.com
URL: https://app-lon09.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.96.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: app-lon09.marketo.com
:scheme: https
:path: /index.php/form/XDFrame
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9

Response headers

status: 200
date: Mon, 31 Aug 2020 13:33:09 GMT
content-type: text/html; charset=utf-8
content-length: 653
set-cookie: __cfduid=d495daf2a75532bcf37bd925ec25f164c1598880788; expires=Wed, 30-Sep-20 13:33:08 GMT; path=/; domain=.app-lon09.marketo.com; HttpOnly; SameSite=Lax RSMKTO1=3137412012.47617.0000; path=/; Httponly; Secure __cf_bm=6dcadd4aebb398ece9a6cd7497e21faf814d9c25-1598880789-1800-AdHEU2BoyT4DlYGwjpGuZbAN18AbMEpNT/kt+gtiR4F6pNomTW2CvICySiiy7YXS80DBRKtUwjvRRXxjLCZBFqY=; path=/; expires=Mon, 31-Aug-20 14:03:09 GMT; domain=.app-lon09.marketo.com; HttpOnly; Secure; SameSite=None
cache-control: max-age=3600
strict-transport-security: max-age=63113904
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
cf-request-id: 04e651ca020000cda35bb6a200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5cb71f233ba3cda3-CDG

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/250997/ 178 B
320 B 48ms
47ms XHR
application/json 34.246.206.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/250997/visit-data?sv=7
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.650467f8f8ec9593c386.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.206.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Mon, 31 Aug 2020 13:33:09 GMT
content-encoding: br
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
access-control-allow-credentials: true

GET
H2 200 ei_track_all_packed.js Show response
dn1f1hmdujj40.cloudfront.net/js/ 8 KB
8 KB 37ms
8ms Script
application/javascript 2600:9000:214f:1e00:c:90ee:6000:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dn1f1hmdujj40.cloudfront.net/js/ei_track_all_packed.js
Requested by: Host: web-analytics.engagio.com
URL: https://web-analytics.engagio.com/js/ei.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:1e00:c:90ee:6000:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 69cbeb32415361b0f7a1885601c4ca9bbecfdddfd91497c348d1a0bc403dee66

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:30:59 GMT
via: 1.1 d7524ff4a82155dd51a24800cf39deec.cloudfront.net (CloudFront)
last-modified: Tue, 04 Aug 2020 05:28:07 GMT
age: 130
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=300
x-amz-cf-pop: FRA53-C1
content-length: 7719
x-amz-cf-id: zbRFjKak6ooqfnujR0B7wE3LvJeNRSUdZrI5qm70vGQN78HmLtww7A==

POST
H/1.1 200
OK content Show response
ws1.hotjar.com/api/v2/sites/250997/recordings/ 69 B
394 B 351ms
217ms XHR
application/json 52.212.239.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws1.hotjar.com/api/v2/sites/250997/recordings/content
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.650467f8f8ec9593c386.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.239.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ed2de453deb296f56097281ec612c8a05296fda15cfc1a55e1c60f4ec103dfb7

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

Date: Mon, 31 Aug 2020 13:33:09 GMT
Content-Encoding: br
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked

GET
H2 200 stat Show response
web-analytics.engagio.com/api/ 70 B
162 B 131ms
130ms Script
text/javascript 18.214.205.154
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://web-analytics.engagio.com/api/stat?page_url=https%3A%2F%2Fironscales.com%2Fblog%2Fphishing-websites-using-visual-similarity-to-lure-victims%2F%3Futm_source%3Demail_nurture%26utm_campaign%3Dtechtarget_nurture%26utm_medium%3Demail_04_body2%26mkt_tok%3DeyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9&page_title=Why%20You%20Need%20Visual%20Similarity%20To%20Prevent%20Phishing%20Lures&track_type=page&action=ei_view&category=ei_page_tracking&client_id=&account_id=f757f1b12e768e01298c6c10044bb8d5210e24df&method=post&callback=EI.api._callbacks.s31355782
Requested by: Host: dn1f1hmdujj40.cloudfront.net
URL: https://dn1f1hmdujj40.cloudfront.net/js/ei_track_all_packed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.205.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 4f2a716b296f785f8cfbd787f38ea3592a9c03e8b898089964ecbc09f2c8f06a

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 31 Aug 2020 13:33:09 GMT
content-length: 70
vary: Origin
content-type: text/javascript; charset=utf-8

GET
H/1.1 200
OK consent_tcfv2.js Show response
s.adroll.com/j/ 388 KB
53 KB 54ms
53ms Script
application/javascript 104.108.144.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent_tcfv2.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.108.144.126 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-108-144-126.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: d4a661cb0efd5f36bfe10e439dd26e3afccf8ff470b28dcec75f1713a7d51b27

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: h4m2jjQlA2CP9ZYqMoovkRh6inLSRALE
Content-Encoding: gzip
ETag: "045dfa15a2715b0b070cb4d61675c093"
x-amz-request-id: 8DA41BFB5D7D4B16
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 53242
x-amz-id-2: gKzNE6L4exEuB2iDHxoDnFIJ7qHfW81YpRSu6xInzu/RZRIyZVQFgmQP9IdYpdOyOWG9TWkFEXg=
Last-Modified: Tue, 25 Aug 2020 22:56:43 GMT
Server: AmazonS3
Date: Mon, 31 Aug 2020 13:33:09 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK favicon-32x32.png
nextroll.com/ 2 KB
2 KB 380ms
132ms Image
image/png 107.23.162.152
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nextroll.com/favicon-32x32.png
Requested by: Host: ironscales.com
URL: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.162.152 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache /
Resource Hash: bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 31 Aug 2020 13:33:09 GMT
Via: 1.1 vegur
Last-Modified: Fri, 28 Aug 2020 18:25:24 GMT
Server: Apache
Etag: "64f-5adf42d1c2d00"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1615

GET
H2 200 teknkl-simpledto-1.0.4.js Show response
ironscales.com/plugins/marketo/ Frame E2E4 2 KB
2 KB 196ms
196ms Script
application/x-javascript 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ironscales.com/plugins/marketo/teknkl-simpledto-1.0.4.js

Requested by

Host: get.ironscales.com
URL: https://get.ironscales.com/dtp-104.html?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

378ab8d9a44d2be7565da804a20b5e6229694d3332e97b92c770675dd379042f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://get.ironscales.com/dtp-104.html?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: public
date: Mon, 31 Aug 2020 13:33:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 20 Mar 2020 14:44:46 GMT
server: nginx
x-frame-options: DENY
content-type: application/x-javascript
status: 200
cache-control: max-age=604800, public
strict-transport-security: max-age=63072000; preload
vary: Accept-Encoding
x-xss-protection: 1; mode=block
expires: Mon, 07 Sep 2020 13:37:40 GMT

GET
H2 200 stripmkttok.js Show response
get.ironscales.com/js/ Frame E2E4 2 KB
1 KB 25ms
25ms Script
application/x-javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://get.ironscales.com/js/stripmkttok.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7545b96ed2740220c349ae9deb614faf1f0f211d4cf710788e0790f74cc9715

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://get.ironscales.com/dtp-104.html?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3703
status: 200
content-length: 678
cf-request-id: 04e651cb0a0000047eb9b73200000001
last-modified: Wed, 22 Jul 2020 19:04:14 GMT
server: cloudflare
etag: "4819bd-602-5ab0c67dc4780"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 5cb71f24ddc1047e-CDG
expires: Mon, 31 Aug 2020 17:33:09 GMT

POST
H2 204 250997 Show response
vc.hotjar.io/sessions/ 0
115 B 124ms
52ms XHR
text/plain 147.75.33.131
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/250997?s=0.25
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.650467f8f8ec9593c386.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.33.131 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k2-shared-ingress9
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

status: 204
date: Mon, 31 Aug 2020 13:33:11 GMT
access-control-allow-origin: *
section-io-id: 5c5e68e0ee10e0ac551ef08fbbf3faff
section-origin-responded: true

GET
H2 200 side-bg.jpg
ironscales.com/blocks/modals/sidebar_modals/fakeloginpages/ 40 KB
41 KB 186ms
186ms Image
image/jpeg 54.201.65.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ironscales.com/blocks/modals/sidebar_modals/fakeloginpages/side-bg.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.201.65.7 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2954ad1a02623cb9488c1aee307eea0dd6bfb85bdda13ff724e4a8be00fe2e46

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:14 GMT
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 41446
x-xss-protection: 1; mode=block
pragma: public
last-modified: Tue, 25 Aug 2020 02:15:44 GMT
server: nginx
x-frame-options: DENY
etag: "5f447450-a1e6"
strict-transport-security: max-age=63072000; preload
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 07 Sep 2020 13:37:45 GMT

GET
H2 200 ebwftkbgwv7w.js Show response
js.driftt.com/include/1598880900000/ 137 KB
45 KB 203ms
141ms Script
application/javascript 143.204.201.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1598880900000/ebwftkbgwv7w.js

Requested by

Host: ironscales.com
URL: https://ironscales.com/js/irn.js?h=90ccce02

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.201.78 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-201-78.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

aa371b695a477025f6fd48693baea5a6ed0ff4eb71c5a660d854e543b2370013

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 31 Aug 2020 13:33:18 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 27 Aug 2020 14:41:50 GMT
server: nginx
etag: W/"c0ffecccae38fb92e490ef3de88a7ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=UTF-8
via: 1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
cache-control: max-age=10
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mI5JMsh-MEmDjNmDtW1_fMcAhYwINEspHsPOISd5oKOWFUv7h0Nw9A==

GET
H2 200 index.html
js.driftt.com/deploy/assets/ Frame 585A 0
0 32ms
31ms Document
text/html 143.204.201.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/index.html

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1598880900000/ebwftkbgwv7w.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.201.78 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-201-78.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /deploy/assets/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9

Response headers

status: 200
content-type: text/html; charset=utf-8
content-length: 894
server: nginx
last-modified: Thu, 27 Aug 2020 14:41:50 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 31 Aug 2020 13:33:18 GMT
etag: "79dca91bb58307b4af95c3ac6f14d3fe"
cache-control: max-age=10
x-cache: Hit from cloudfront
via: 1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: cscjP4w59KJHDubec_jp8jeyDWYve_QCteJuzwLASWOnB3WgbUJi9Q==

Verdicts & Comments Add Verdict or Comment

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.app-lon09.marketo.com/	1970-01-19 12:08:02	Name: __cf_bm Value: 6dcadd4aebb398ece9a6cd7497e21faf814d9c25-1598880789-1800-AdHEU2BoyT4DlYGwjpGuZbAN18AbMEpNT/kt+gtiR4F6pNomTW2CvICySiiy7YXS80DBRKtUwjvRRXxjLCZBFqY=
.ironscales.com/	1970-01-20 05:39:12	Name: ei_client_id Value: 5f4cfc15356659001093fd82
ironscales.com/	1970-01-19 12:08:00	Name: _hjIncludedInPageviewSample Value: 1

27 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://ironscales.com/js/irn.js?h=90ccce02(Line 930) Message: cookies accepted
console-api	log	URL: https://ironscales.com/js/irn.js?h=90ccce02(Line 884) Message: Loading scripts
console-api	log	URL: https://ironscales.com/js/irn.js?h=90ccce02(Line 32) Message: initing menu
console-api	log	URL: https://ironscales.com/js/irn.js?h=90ccce02(Line 333) Message: load v3
console-api	debug	URL: https://ironscales.com/js/irn.js?h=90ccce02(Line 261) Message: last url: null
console-api	debug	URL: https://ironscales.com/js/irn.js?h=90ccce02(Line 264) Message: curr url: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9
console-api	log	URL: https://ironscales.com/js/react-dist/irn-react-app.js?h=f6bf93d6(Line 1) Message: Loading prefill values
console-api	log	URL: https://ironscales.com/plugins/marketo/teknkl-simpledto-1.0.4.js(Line 13) Message: SimpleDTO: Unifying domains ironscales.com, ironscales.com
console-api	log	URL: https://www.gstatic.com/recaptcha/releases/QVh-Tz10ahidjrORgXOS1oB0/recaptcha__en.js(Line 325) Message: reCAPTCHA couldn't find user-provided function: irn_render_v2_captchas
console-api	log	URL: https://ironscales.com/js/irn.js?h=90ccce02(Line 335) Message: v3 READY
console-api	log	URL: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9(Line 2726) Message: search_engine msg.ironscales.com
console-api	log	URL: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9(Line 2727) Message: search_string None
console-api	log	URL: https://ironscales.com/blog/phishing-websites-using-visual-similarity-to-lure-victims/?utm_source=email_nurture&utm_campaign=techtarget_nurture&utm_medium=email_04_body2&mkt_tok=eyJpIjoiWkRsaU5EWTRZamhpWmpRMCIsInQiOiJwVjQzVWlPdHIxTTh3QTBxVElwVnRnOU45OGtRMlMxMFBQdlRVaGFTcmlDd0pReld3QkdsUUpxcHhmRUp1eGlLaWJmcXhxZ1NvSHJ4dTVWY1pJYjFVWXJtbU1KRlRhRFFQaDVDODlxWUxSOG9NNzIwZzNpN04xY2ZVZG1GWG1EVyJ9(Line 2728) Message: ppc_keyword
console-api	log	URL: https://ironscales.com/js/react-dist/irn-react-app.js?h=f6bf93d6(Line 1) Message: MARKETO READYYYY inner
console-api	log	URL: https://ironscales.com/js/react-dist/irn-react-app.js?h=f6bf93d6(Line 1) Message: orig selector: .irn-form-newsletter
console-api	log	URL: https://ironscales.com/js/react-dist/irn-react-app.js?h=f6bf93d6(Line 1) Message: Found right form
console-api	log	URL: https://ironscales.com/js/irn.js?h=90ccce02(Line 316) Message: updating captcha v3
console-api	log	URL: https://ironscales.com/plugins/marketo/teknkl-simpledto-1.0.4.js(Line 13) Message: SimpleDTO: Unifying domains get.ironscales.com, ironscales.com
console-api	log	URL: https://ironscales.com/plugins/marketo/teknkl-simpledto-1.0.4.js(Line 26) Message: SimpleDTO: running callback
console-api	log	URL: https://ironscales.com/js/react-dist/irn-react-app.js?h=f6bf93d6(Line 1) Message: [object Object]
console-api	log	URL: https://ironscales.com/js/react-dist/irn-react-app.js?h=f6bf93d6(Line 1) Message: setting value: FirstName Rakesh
console-api	log	URL: https://ironscales.com/js/react-dist/irn-react-app.js?h=f6bf93d6(Line 1) Message: setting value: LastName Kakare
console-api	log	URL: https://ironscales.com/js/react-dist/irn-react-app.js?h=f6bf93d6(Line 1) Message: setting value: Email rakesh.kakare@ensono.com
console-api	log	URL: https://ironscales.com/js/react-dist/irn-react-app.js?h=f6bf93d6(Line 1) Message: setting value: Country United States
console-api	log	URL: https://ironscales.com/js/react-dist/irn-react-app.js?h=f6bf93d6(Line 1) Message: setting value: State Illinois
console-api	log	URL: https://ironscales.com/js/react-dist/irn-react-app.js?h=f6bf93d6(Line 1) Message: setting value: Phone +91 99220 07572
console-api	log	URL: https://ironscales.com/js/react-dist/irn-react-app.js?h=f6bf93d6(Line 1) Message: setting value: Company Ensono

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

954-hbd-655.mktoresp.com
analytics.twitter.com
app-lon09.marketo.com
d.adroll.com
d.adroll.mgr.consensu.org
d26x5ounzdjojj.cloudfront.net
dn1f1hmdujj40.cloudfront.net
edge.fullstory.com
fonts.googleapis.com
get.ironscales.com
googleads.g.doubleclick.net
in.hotjar.com
ironscales.com
js.driftt.com
msg.ironscales.com
munchkin.marketo.net
nextroll.com
polyfill.io
px.ads.linkedin.com
rs.fullstory.com
s.adroll.com
script.hotjar.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
vars.hotjar.com
vc.hotjar.io
web-analytics.engagio.com
ws1.hotjar.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
104.108.144.126
104.109.95.62
104.16.96.80
104.17.72.206
104.244.42.131
104.244.42.133
107.23.162.152
134.213.193.62
143.204.201.78
143.204.208.197
147.75.102.203
147.75.33.131
151.101.12.157
172.217.23.162
18.214.205.154
2600:9000:214f:1e00:c:90ee:6000:21
2620:1ec:21::14
2a00:1450:4001:801::200e
2a00:1450:4001:808::2003
2a00:1450:4001:808::2004
2a00:1450:4001:80b::2004
2a00:1450:4001:81b::2002
2a00:1450:4001:81c::200a
2a00:1450:4001:81f::2008
2a00:1450:4001:821::2003
2a00:1450:400c:c0c::9a
2a02:26f0:10c:382::25ea
2a04:4e42:200::621
2a05:f500:10:101::b93f:9105
34.246.206.139
35.186.194.58
35.201.112.186
52.212.239.19
52.88.88.165
54.171.23.184
54.201.65.7
07cf529694d967a21c626b4b0a4cf087867f460a74b1e297951539de974b8941
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0a010ab1080b149864b2fe49a7b0be107a83398fd0cb7e8163af59215968ec23
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
0b3d5db703bd371c6856cd937444a918c24c8336cb568bcbce18dad2c937e832
0bcb34034069333dd04364cdb8f60bb4d741f1cdb1f0941eecb10970bfe24213
0c1a1c1fc493c1d57eef5ebb799169ab9cea63f550dd3f02b419eaadfd70757e
0e905a3e0020faf88b290260057a76ea7692bd4f13a0c9ea0b1dbcdce96d4457
0fd02f47413390d668599552bc8ddc87eb9ffd9e62ceb22971bb32915a61c0f5
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
1683930fc1ffefde62012b4b55b483988a3d16535d6f733f97527f2dbcc1f0d6
16f45d13e31204c9af864b9a3c4171ce024912edb20e36309e11d6c2ce3f527b
1e3b519ced35877c58b1f442cf90829046eee37e2cdb94d69d38d35d421e364c
20b80cb54fee262e87c2cde4aa9f9292ea82594df9e0ea990dade9bb6784f681
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
27f9ede97f4f869a890513bc9549dfb27ee838892aab7e5b7ecb73b5496d41c7
2954ad1a02623cb9488c1aee307eea0dd6bfb85bdda13ff724e4a8be00fe2e46
2964cc44f6962deb50e828d85bd3dbed098f73ebdab3d9d6acfba1eaf03bc56d
2af953a3ea85989c41ade79fe80f4076a457b6767bd676daa9e3c1be45b66a77
2caa0ed2d3622d9969bf2ffada067adc6194aed5d87ed36ca352b313d5c54910
2dbb0224fb1f918a87d886944f9cca709e324d57fc27201e62c405c51a2fca31
2e8e5d22dacefe63f5c5e3e5271de7c87d0f6e9f3fcd9f7b43024d8b4119e59e
2f0ebd4dd8cfa1bffaab501c03f130da31bba67697de77da5c300c7dba88ce28
2f517129448cda16f0e393da72d07918d61ee78f9e644c15e535ab76b3da36e4
2fe668f50e1b19f758d3a06ac0c60b0e869c6b31fa1ab43190b6af3dd4f46b8e
31401db8663f8c528cdc48964e64784ff1f2f6c539281c6ccdeed18736bf99cb
315c33c94a93b50cd6acfcfe7e8678a5e7ee381d82c6253af2d82de91347a228
31d5ecdab7ca70e756d2c6992135a68a3f678c6aec2cce12ac77a495e7213ae1
33fcfc6403f3961b703d6b742f9f0732b3c83dd0c73a444cb2c759ce49e8e0b1
378ab8d9a44d2be7565da804a20b5e6229694d3332e97b92c770675dd379042f
3dedebe1a94a10aa12891fde263d12be13ac8779a1af5ba8454cd9d1419db384
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
430078364d0a1f8ed220fac73ad7c4a784d16ea9933436c31c6f00f1dc3c897f
459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc
46aa540f329f9bd3360679841713244fd83e7b67aa970dd79edb5f69b77e9990
4842ef7436621848a836428439486a2f2e0b346ce5a8b4b9e3c79e46ac9032bf
499a55afdf504da273f9b95cc3ad86958f160da5fcebde1cfd325382228ef13a
4ba78cad3b10a0435c4744e6b2c42839738ae0349f6d59a3e7fb2a9216b0e226
4e98a7d205cd00cb26a5c7defc747e0ef6eb8553f2f6ec3f8f5bf1530cf5bec3
4f2a716b296f785f8cfbd787f38ea3592a9c03e8b898089964ecbc09f2c8f06a
509bc86c3091dae312dbaa4d1f3aa0d23d1e36658c4c740f133979e943467f87
51993fe07a5b5443dbfae48d83eaa60a9d01b891d48f0599196818ed51c1807c
5205f4a54c7197a10cb469255d5e19950c7fd98519c72aa27b4775753a52a056
532dbaf595f0ca15600596aa7ef10947ad53fa3101b179afd27d71068475e320
53a03983dfe6ee0c0047efb842b26ec005bebfb6939ea2ee54652159ee85fb30
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
59368688c89a33cbc89724cd2c2021c1ec1eefb8f88992e77cb8f8fc77aff5cd
5aec1442af41f697e3eea03e28a4237fc6457682f07542fcdb71cba7e1bc665f
5bf97cc4469c3d16f4496257c9e01e1c54e19e9838107027dd76f36f4a149b46
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55
6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd
6705d9400604531f340784c8d7098be4f67c1b2391d08eb78d9def3d16b97653
69cbeb32415361b0f7a1885601c4ca9bbecfdddfd91497c348d1a0bc403dee66
6aaf88ca5a2ce642ac332365498091049ecb0b56994cc06a6e8a267c9c2e5f94
71a1ec6ae430a48b1e2c79215280e2606f8d269b9df2fbbd9bfe0d2ea0878381
72ae122537d166d481e830a3a959c37f0802dc3626f02fc97967bec1a819b423
740458b82de9774c1affb4781e4b7fb11db37cb1c281b9d5010dac3f084d7b40
756520d17240fe9e348523e5628dcca74828e0d8fc2bb75542cde9874cb2645b
784b1123d0378500abd7c0cf4b19998978d8542b003d38c0705877e97f23d113
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
7af80b7ee029da9fd729ac842b62f25d892c6cec9c3ee4bc2c5a521078c17461
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc
84af60691ad337be76a27bc232a4be3d6f7926a890a1a11a0a776a8e96ca2306
8c18dfa681034302f722332c999f5b77e1949baebece922d63f7e3268a9f1c13
9035b02d7269d2d34640515215bdb6922b237725b7191a4955cf6440daf63d04
917deb54b8880710fc47abd93232c093cb473608eb454cbffe19d7f218c761a9
919ce225464d5e8d79944356fcaa74323a12f8fc847eec6c7a877f9e752f7fb9
979bddf384e612e43d9adf9acc93dd1aaba02cf7ea54cd0cf2ea4381e6a63ef0
99d89e61517085fec5ffb99f964e89544c9940864f5032ed7b16821168881647
99edc6dceb902f19aa26fb5e5e2c8ccdf293d84b3faf5daa38f28e191bef5203
9bc1c6870463b90e5ee4b67ec05ea6b718313f367bc014a33f07143577995ca6
a0464a4a259702fe4f10712d5855e9eb3308d0b1621b18f0da31a19f986b52cb
a4f214d5cd7651531508e62b3e2a852a3e17114a4f49c0dafa5ef9af512c843c
aa371b695a477025f6fd48693baea5a6ed0ff4eb71c5a660d854e543b2370013
ab2e5351e295b309024701645167edf1f3db7f0b78802087f6f88fc8181a26ec
ac3eabbaf8163e35b29458577bf04ff6d9e254b69dab0130d242edf69d29b8ec
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aeb43a370be31e01b91498645292b9044eae37f5ffdd1d3c72f89948e13384c5
afce2007ecd0cb8c9f401e5e43f837dbc1b90d95d7feb4340409094df3c4dd91
b52ef42420ae4b652732a82263062cbbd160b90b87dcae633d7025250258d786
b567a34b05f370632f24f2e30be12afb778641fa521df6934a0c407da53b05e6
b916b2e0fe286bd873f470d227a5bd3415b8f04fd304fdf317e426b42ebae780
bb69f0d12ae7cb3cfbbb836dfccbcf6e5677571c7c633bc31febceb4fe41846c
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
bdd9d2b1a18d8e20e32bbd0b98e617f0d97ef8537f05b6820325a04a0461b1e1
c3488adc1085dc5bfd98e0fed39687ee2693199b933f3f919acea2658418514e
ca7e2d1dbd0e7d9ec970d62f933a22e2ce6248588aa719dca702e8b24499375a
cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d
d406c36819ce680fc36255ce69e8d5a8e4a4dd99acd804fc8f7709d970c153f4
d4a661cb0efd5f36bfe10e439dd26e3afccf8ff470b28dcec75f1713a7d51b27
d85943f9a3e66ded0349113d8aaac99a3158b3e604f9c8041e82aea681ccdbcd
dca8ffcd5d9d0432a7d04099b090526d5b361e07eaade975de05c3d2d534c7ad
dd41e1d8a4bf143bd7aa909c1279541dc4cf92870a3fd911f646aa55d64b151b
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
defbb0dec48dbc91321c5a92128509816d8e8b77e085456782a883c4463b2810
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e159b8427fb1c84e0b88db35fe205a17c4b529e58bc1a12aab2219d56b8a48ec
e35f2c4e49a5539fffe1d5760b5d0eb5f59ef819b688029d996e2c5593ec2e07
e3707edca98715fc3fe7ea36b15c506641b4c380e7e6c4d8ebb9e288f1438ff8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e426b97287b55ba93461f695ee56599c817c3faafad90bf55cb3956979ed3dfc
e89f581fef71f1a952259ccf2e5db363de85ab3324efa408675096e745f93a06
e8aac0b7a7c3e3c17c621bf5bb24c098a602e4ad0c2867598f40d5ee49eca425
e8d46dfb4ca0d270a4789461c199b3a7c7ce9ba6a733d6a4abc59ccdafa71170
ed2de453deb296f56097281ec612c8a05296fda15cfc1a55e1c60f4ec103dfb7
ee51a258b519eb461f1bdbfd81e76e44e7fc37f750f5904bff812abf794356f5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f24c51a94a931f1bdd7c3dacc9ebb3848305f5eb5a3feddf0b01227f6c778c17
f46ce772d96a3784bfaec3a0eccb307769df339a4784033d03b1c8947ebd73c7
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f7545b96ed2740220c349ae9deb614faf1f0f211d4cf710788e0790f74cc9715
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
ff1786c9598f483524c56cabe6b85da81d58e021bcce23b199be9c5c16d515df
ffb2ed5f41e1030978afdfbd2652a9263eca69657ed6bdc7e4d8962d88bf9c59

ironscales.com Open in urlscan Pro 54.201.65.7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

123 Requests

99 %HTTPS

39 %IPv6

27 Domains

38 Subdomains

35 IPs

8 Countries

4159 kBTransfer

6168 kBSize

3 Cookies

16 Outgoing links

Page URL History

Redirected requests

123 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

ironscales.com Open in urlscan Pro
54.201.65.7 Public Scan

Screenshot
Live screenshot

Full Image

123
Requests

99 %
HTTPS

39 %
IPv6

27
Domains

38
Subdomains

35
IPs

8
Countries

4159 kB
Transfer

6168 kB
Size

3
Cookies

123 HTTP transactions
3 data transactions