www.forcepoint.com Open in urlscan Pro
2a04:4e42:600::740 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://info.silobreaker.com/e2t/tc/VW7qzt1N32_BW7n09Mj7ZwmsKW4HyYrL4hRBGdN3S9PH52-Hw7V1-WJV7CgXWSW6MYgqg83d7hsW6k2-Vc61J4KgW...
Effective URL:
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6...
Submission: On October 31 via api (October 31st 2020, 12:01:56 pm UTC) from DE

Summary HTTP 142 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 42 IPs in 8 countries across 38 domains to perform 142 HTTP transactions. The main IP is 2a04:4e42:600::740, located in Ascension Island and belongs to FASTLY, US. The main domain is www.forcepoint.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on January 24th 2020. Valid for: 2 years.

This is the only time www.forcepoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	199.60.103.2 199.60.103.2	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3 64	2a04:4e42:600... 2a04:4e42:600::740	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:824::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.111.215.136 104.111.215.136	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2600:9000:209... 2600:9000:2093:8c00:3:c04e:c780:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	185.33.221.14 185.33.221.14	29990 (ASN-APPNEX) (ASN-APPNEX)
1	99.86.2.95 99.86.2.95	16509 (AMAZON-02) (AMAZON-02)
7	34.96.102.137 34.96.102.137	15169 (GOOGLE) (GOOGLE)
1	54.230.182.189 54.230.182.189	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:209... 2600:9000:2093:ba00:c:a9b7:ddc0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	18.195.43.194 18.195.43.194	16509 (AMAZON-02) (AMAZON-02)
1 3	52.49.13.247 52.49.13.247	16509 (AMAZON-02) (AMAZON-02)
5	68.232.35.12 68.232.35.12	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
2	104.89.23.244 104.89.23.244	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a02:26f0:eb:... 2a02:26f0:eb:3b4::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.113.131 151.101.113.131	54113 (FASTLY) (FASTLY)
2	52.85.32.71 52.85.32.71	16509 (AMAZON-02) (AMAZON-02)
1 1	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
1 5	23.210.248.216 23.210.248.216	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 5	89.163.159.103 89.163.159.103	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	2606:4700::68... 2606:4700::6810:650c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 6	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c01::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81a::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:817::2003	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	99.86.2.19 99.86.2.19	16509 (AMAZON-02) (AMAZON-02)
1 2	3.248.28.111 3.248.28.111	16509 (AMAZON-02) (AMAZON-02)
2	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	52.30.78.155 52.30.78.155	16509 (AMAZON-02) (AMAZON-02)
2	15.237.76.117 15.237.76.117	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
2	35.245.208.72 35.245.208.72	15169 (GOOGLE) (GOOGLE)
1	52.20.238.4 52.20.238.4	14618 (AMAZON-AES) (AMAZON-AES)
1	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY)
2	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
2	162.247.242.19 162.247.242.19	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
142	42

2 199.60.103.2 (Canada) 1 redirects

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., GB)

info.silobreaker.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

64 2a04:4e42:600::740 (Ascension Island) 3 redirects

ASN54113 (FASTLY, US)

www.forcepoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.215.136 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-136.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2093:8c00:3:c04e:c780:93a1 (United States)

ASN16509 (AMAZON-02, US)

ws.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.14 (Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.2.95 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-2-95.fra6.r.cloudfront.net

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 34.96.102.137 (United States)

ASN15169 (GOOGLE, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.182.189 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-182-189.ham50.r.cloudfront.net

d5phz18u4wuww.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2093:ba00:c:a9b7:ddc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.sharethis.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.43.194 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-43-194.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.49.13.247 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-13-247.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 68.232.35.12 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.89.23.244 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-23-244.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:eb:3b4::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.113.131 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.85.32.71 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-32-71.ham50.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:234:59:254c:406:2366:268c (United States) 1 redirects

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.210.248.216 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-216.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 89.163.159.103 (Cloppenburg, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

dmp.theadex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:650c (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a05:f500:11:101::b93f:9005 (Ireland) 3 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c01::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.2.19 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-2-19.fra6.r.cloudfront.net

assets.ubembed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.248.28.111 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-28-111.eu-west-1.compute.amazonaws.com

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.78.155 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-78-155.eu-west-1.compute.amazonaws.com

websenseinc.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.237.76.117 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-237-76-117.eu-west-3.compute.amazonaws.com

analyticsssl.forcepoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

018-nkf-008.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.245.208.72 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 72.208.245.35.bc.googleusercontent.com

r1.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.20.238.4 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-238-4.compute-1.amazonaws.com

nextroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.242.19 (San Francisco, United States)

ASN23467 (NEWRELIC-AS-1, US)
PTR: bam-7.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
66	forcepoint.com 3 redirects www.forcepoint.com analyticsssl.forcepoint.com	1 MB
9	linkedin.com 6 redirects px.ads.linkedin.com www.linkedin.com	5 KB
9	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com r1.visualwebsiteoptimizer.com	102 KB
6	adroll.com 1 redirects s.adroll.com d.adroll.com	70 KB
6	sharethis.com ws.sharethis.com l.sharethis.com	40 KB
5	theadex.com 1 redirects dmp.theadex.com	16 KB
4	bizible.com cdn.bizible.com	34 KB
4	demdex.net 1 redirects dpm.demdex.net websenseinc.demdex.net	3 KB
3	facebook.com www.facebook.com	689 B
3	facebook.net connect.facebook.net	161 KB
3	twitter.com 1 redirects platform.twitter.com analytics.twitter.com	1 KB
3	google-analytics.com www.google-analytics.com	20 KB
3	tiqcdn.com tags.tiqcdn.com	111 KB
2	nr-data.net bam.nr-data.net	459 B
2	t.co t.co	572 B
2	ads-twitter.com static.ads-twitter.com	4 KB
2	driftt.com js.driftt.com	45 KB
2	ubembed.com 6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com assets.ubembed.com	163 KB
2	licdn.com snap.licdn.com	3 KB
2	marketo.net munchkin.marketo.net	6 KB
2	consensu.org 1 redirects c.sharethis.mgr.consensu.org d.adroll.mgr.consensu.org	137 B
2	adnxs.com 2 redirects secure.adnxs.com	2 KB
2	googleapis.com ajax.googleapis.com	92 KB
2	silobreaker.com 1 redirects info.silobreaker.com	3 KB
1	newrelic.com js-agent.newrelic.com	11 KB
1	nextroll.com nextroll.com	2 KB
1	mktoresp.com 018-nkf-008.mktoresp.com	311 B
1	everesttech.net 1 redirects cm.everesttech.net	554 B
1	bizibly.com cdn.bizibly.com	203 B
1	google.de www.google.de	106 B
1	google.com www.google.com	106 B
1	doubleclick.net stats.g.doubleclick.net	90 B
1	zoominfo.com ws.zoominfo.com	722 B
1	googletagmanager.com www.googletagmanager.com	37 KB
1	cloudfront.net d5phz18u4wuww.cloudfront.net	56 KB
1	ml-api.io attr.ml-api.io	484 B
1	ml-attr.com 1 redirects s.ml-attr.com	283 B
1	cloudflare.com cdnjs.cloudflare.com	2 KB
142	38

	Domain	Requested by
64	www.forcepoint.com	3 redirects info.silobreaker.com www.forcepoint.com connect.facebook.net
7	dev.visualwebsiteoptimizer.com	tags.tiqcdn.com dev.visualwebsiteoptimizer.com www.forcepoint.com d5phz18u4wuww.cloudfront.net
6	px.ads.linkedin.com	3 redirects www.forcepoint.com
5	dmp.theadex.com	1 redirects tags.tiqcdn.com www.forcepoint.com dmp.theadex.com
5	s.adroll.com	1 redirects tags.tiqcdn.com www.forcepoint.com s.adroll.com
4	cdn.bizible.com	tags.tiqcdn.com www.forcepoint.com cdn.bizible.com
4	ws.sharethis.com	www.forcepoint.com ws.sharethis.com
3	www.facebook.com	www.forcepoint.com
3	www.linkedin.com	3 redirects
3	connect.facebook.net	tags.tiqcdn.com connect.facebook.net
3	www.google-analytics.com	tags.tiqcdn.com www.google-analytics.com www.forcepoint.com
3	dpm.demdex.net	1 redirects www.forcepoint.com
3	tags.tiqcdn.com	www.forcepoint.com tags.tiqcdn.com
2	bam.nr-data.net	js-agent.newrelic.com cdn.bizible.com
2	analytics.twitter.com	platform.twitter.com static.ads-twitter.com
2	r1.visualwebsiteoptimizer.com	cdn.bizible.com
2	analyticsssl.forcepoint.com	cdn.bizible.com www.forcepoint.com
2	t.co	www.forcepoint.com
2	static.ads-twitter.com	www.forcepoint.com tags.tiqcdn.com
2	js.driftt.com	tags.tiqcdn.com js.driftt.com
2	snap.licdn.com	tags.tiqcdn.com snap.licdn.com
2	munchkin.marketo.net	tags.tiqcdn.com www.forcepoint.com
2	l.sharethis.com	ws.sharethis.com www.forcepoint.com
2	secure.adnxs.com	2 redirects
2	ajax.googleapis.com	www.forcepoint.com
2	info.silobreaker.com	1 redirects
1	js-agent.newrelic.com	www.forcepoint.com
1	nextroll.com	www.forcepoint.com
1	018-nkf-008.mktoresp.com	cdn.bizible.com
1	cm.everesttech.net	1 redirects
1	websenseinc.demdex.net	tags.tiqcdn.com
1	cdn.bizibly.com	www.forcepoint.com
1	d.adroll.com	www.forcepoint.com
1	d.adroll.mgr.consensu.org	1 redirects
1	assets.ubembed.com	6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com
1	www.google.de	www.forcepoint.com
1	www.google.com	www.forcepoint.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	ws.zoominfo.com	tags.tiqcdn.com
1	www.googletagmanager.com	tags.tiqcdn.com
1	platform.twitter.com	1 redirects
1	6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com	tags.tiqcdn.com
1	c.sharethis.mgr.consensu.org	ws.sharethis.com
1	d5phz18u4wuww.cloudfront.net	tags.tiqcdn.com
1	attr.ml-api.io	www.forcepoint.com
1	s.ml-attr.com	1 redirects
1	cdnjs.cloudflare.com	www.forcepoint.com
142	47

This site contains links to these domains. Also see Links.

Domain
www.franciscopartners.com
partners.forcepoint.com
support.forcepoint.com
learn.forcepoint.com
unsplash.com
www.bcb.gov.br
go.forcepoint.com
www.linkedin.com
twitter.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
info.silobreaker.com Cloudflare Inc ECC CA-3	`2020-06-30` - `2021-06-30`	a year	crt.sh
*.forcepoint.com Sectigo RSA Organization Validation Secure Server CA	`2020-01-24` - `2022-01-23`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-21` - `2021-10-20`	a year	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2020-03-16` - `2021-06-15`	a year	crt.sh
sharethis.com Amazon	`2020-08-17` - `2021-09-16`	a year	crt.sh
*.ml-api.io Amazon	`2020-02-06` - `2021-03-06`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2020-06-19` - `2022-07-06`	2 years	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
sharethis.mgr.consensu.org Amazon	`2020-05-05` - `2021-06-05`	a year	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
io.bizible.com DigiCert SHA2 Secure Server CA	`2020-10-07` - `2021-11-08`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2020-03-14` - `2021-04-13`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
z.ssl.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-09-02` - `2021-04-23`	8 months	crt.sh
drift.com Amazon	`2020-09-21` - `2021-10-23`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-09-11` - `2020-12-10`	3 months	crt.sh
*.theadex.com GeoTrust RSA CA 2018	`2019-10-11` - `2021-10-10`	2 years	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2020-07-04` - `2021-07-04`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
assets.ubembed.com Amazon	`2020-04-04` - `2021-05-04`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2020-10-08` - `2021-11-07`	a year	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
analyticsssl.forcepoint.com DigiCert SHA2 High Assurance Server CA	`2020-08-10` - `2021-11-17`	a year	crt.sh
*.mktoresp.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2022-01-21`	2 years	crt.sh
nextroll.com Let's Encrypt Authority X3	`2020-09-20` - `2020-12-19`	3 months	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-23` - `2021-05-07`	6 months	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh

This page contains 6 frames:

Primary Page: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Frame ID: 640F19D426D096160E4BB96949AF13DF
Requests: 159 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/portal-v2.html
Frame ID: C73AA1F62675F98E06AC01CF9B4510AC
Requests: 1 HTTP requests in this frame

Frame: https://websenseinc.demdex.net/dest5.html?d_nsid=0
Frame ID: 2DFF4B77B746524268BA517F9B729B3F
Requests: 1 HTTP requests in this frame

Frame: https://dmp.theadex.com/r/506/3014/?c=4242187299944203886&adex_consent=1&adex_consent_origin=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&adex_consent_checked=1604145699
Frame ID: C35339ED95B8B7FDBFCB22721BD22752
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/deploy/assets/index.html
Frame ID: 5F0EC9E86AB0C9E74D916DF68B148FF7
Requests: 1 HTTP requests in this frame

Frame: https://ws.sharethis.com/secure5x/index.html
Frame ID: D2E633408E3555E3D9E62270821D2B85
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://info.silobreaker.com/e2t/tc/VW7qzt1N32_BW7n09Mj7ZwmsKW4HyYrL4hRBGdN3S9PH52-Hw7V1-WJV7CgXWSW6MYgqg... Page URL
https://info.silobreaker.com/events/public/v1/track/tc/VW7qzt1N32_BW7n09Mj7ZwmsKW4HyYrL4hRBGdN3S9PH52-Hw7... HTTP 307
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=8897474... Page URL

Detected technologies

Unbounce (Editors) Expand

Overall confidence: 100%
Detected patterns

script /ubembed\.com/i

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

script /munchkin\.marketo\.net\/munchkin\.js/i

Tealium (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i

Page Statistics

142
Requests

99 %
HTTPS

39 %
IPv6

38
Domains

47
Subdomains

42
IPs

8
Countries

2480 kB
Transfer

6321 kB
Size

33
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.franciscopartners.com/news/francisco-partners-to-acquire-forcepoint-from-raytheon-technologies
Title: Learn More

Search URL Search Domain Scan URL

URL: https://partners.forcepoint.com/
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://support.forcepoint.com/
Title: Support Login

Search URL Search Domain Scan URL

URL: https://learn.forcepoint.com/
Title: Training

Search URL Search Domain Scan URL

URL: https://support.forcepoint.com/TechnicalSupportPrograms
Title: Enterprise Support Options

Search URL Search Domain Scan URL

URL: https://unsplash.com/photos/7F65HDP0-E0
Title: Photo by Mariano Diaz on Unsplash

Search URL Search Domain Scan URL

URL: https://www.bcb.gov.br/en/pressdetail/2334/nota
Title: PIX

Search URL Search Domain Scan URL

URL: https://go.forcepoint.com/CommunicationPreferenceCenter.html
Title: Manage Subscriptions

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/forcepoint?trk=fc_badge
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/forcepointsec
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ForcepointLLC
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC4MbQECdktvwewRlAFwT_-w
Title: YouTube

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://info.silobreaker.com/e2t/tc/VW7qzt1N32_BW7n09Mj7ZwmsKW4HyYrL4hRBGdN3S9PH52-Hw7V1-WJV7CgXWSW6MYgqg83d7hsW6k2-Vc61J4KgW4BlhGd8qJt-tW8lF2R-3ZPb4gW6gzGDg8vLDd1W3RHcBY1dnC23W4Dc7V51y5FVqVFKmJK3pvtVQW8kMNL471cq_HW3Cs69z3Zs4C1W5S4Cvb6q498vMqhnD2_9phNV64YhL4PnDjbW6mDTFq2qvBXBW3Tg1Fr6sb7-CW582RvZ8qNLq6W6-HJJ47b9S0KW5tbJ3k34V8_sW51khln5B4qSYW1xtVPS8by9t8VLB9bC4RTFJCW1JBHf18ZRQ73N7d25lRTNnlWW8dqF7j1fkshx3pQp1 Page URL
https://info.silobreaker.com/events/public/v1/track/tc/VW7qzt1N32_BW7n09Mj7ZwmsKW4HyYrL4hRBGdN3S9PH52-Hw7V1-WJV7CgXWSW6MYgqg83d7hsW6k2-Vc61J4KgW4BlhGd8qJt-tW8lF2R-3ZPb4gW6gzGDg8vLDd1W3RHcBY1dnC23W4Dc7V51y5FVqVFKmJK3pvtVQW8kMNL471cq_HW3Cs69z3Zs4C1W5S4Cvb6q498vMqhnD2_9phNV64YhL4PnDjbW6mDTFq2qvBXBW3Tg1Fr6sb7-CW582RvZ8qNLq6W6-HJJ47b9S0KW5tbJ3k34V8_sW51khln5B4qSYW1xtVPS8by9t8VLB9bC4RTFJCW1JBHf18ZRQ73N7d25lRTNnlWW8dqF7j1fkshx3pQp1?_ud=3cf84f55-f7b8-4c66-8b0a-7e57be5236b1&_ch=p&_pr2=p&_pl=0&_lg=en-US&_dr=b&_ts=p HTTP 307
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=4027015091739477581

Request Chain 88

https://www.forcepoint.com/ajax/eu-cookie-compliance/ HTTP 301
https://www.forcepoint.com/ajax/eu-cookie-compliance

Request Chain 98

https://dpm.demdex.net/id?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=8DC067C25245AFA80A490D4C%40AdobeOrg&d_nsid=0&ts=1604145698862 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=8DC067C25245AFA80A490D4C%40AdobeOrg&d_nsid=0&ts=1604145698862

Request Chain 105

https://platform.twitter.com/oct.js HTTP 301
https://static.ads-twitter.com/oct.js

Request Chain 113

https://px.ads.linkedin.com/collect/?pid=2141257&fmt=gif&_rnd=0.7805006511535972 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Fpid%3D2141257%26fmt%3Dgif%26_rnd%3D0.7805006511535972%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect/?pid=2141257&fmt=gif&_rnd=0.7805006511535972&liSync=true

Request Chain 114

https://px.ads.linkedin.com/collect/?pid=1681282&fmt=gif&_rnd=0.12172970628279156 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Fpid%3D1681282%26fmt%3Dgif%26_rnd%3D0.12172970628279156%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect/?pid=1681282&fmt=gif&_rnd=0.12172970628279156&liSync=true

Request Chain 126

https://s.adroll.com/j/exp/2GRHXEZSJNFRTPMEC6ZM2B/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 128

https://d.adroll.mgr.consensu.org/consent/iabcheck/2GRHXEZSJNFRTPMEC6ZM2B?_s=44668d92733a4aa01018e96e91e19661&_b=2 HTTP 302
https://d.adroll.com/consent/check/2GRHXEZSJNFRTPMEC6ZM2B/?_s=44668d92733a4aa01018e96e91e19661&_b=2

Request Chain 134

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=258729&time=1604145699085&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D258729%26time%3D1604145699085%26url%3Dhttps%253A%252F%252Fwww.forcepoint.com%252Fblog%252Fx-labs%252Fphishing-scam-attacking-brazil-pix-instant-payment%253F_hsmi%253D88974744%2526_hsenc%253Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=258729&time=1604145699085&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&liSync=true

Request Chain 138

https://dmp.theadex.com/trace.js?adex_consent=1 HTTP 303
https://dmp.theadex.com/trace.js?adex_consent=1&axd_sc=4242187299944203886

Request Chain 142

https://cm.everesttech.net/cm/dd?d_uuid=80163706604152596043228259883618134069 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=X51SIwAAB-fWzBTJ

Request Chain 147

https://www.forcepoint.com/js/forms2/css/forms2.css HTTP 301
https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css

Request Chain 148

https://www.forcepoint.com/js/forms2/css/forms2-theme-simple.css HTTP 301
https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css

142 HTTP transactions
22 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 VW7qzt1N32_BW7n09Mj7ZwmsKW4HyYrL4hRBGdN3S9PH52-Hw7V1-WJV7CgXWSW6MYgqg83d7hsW6k2-Vc61J4KgW4BlhGd8qJt-tW8lF2R-3ZPb4gW6gzGDg8vLDd1W3RHcBY1dnC23W4Dc7V51y5FVqVFKmJK3pvtVQW8kMNL471cq_HW3Cs69z3Zs4C1W5S4Cv... Show response
info.silobreaker.com/e2t/tc/ 9 KB
3 KB 228ms
108ms Document
text/html 199.60.103.2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://info.silobreaker.com/e2t/tc/VW7qzt1N32_BW7n09Mj7ZwmsKW4HyYrL4hRBGdN3S9PH52-Hw7V1-WJV7CgXWSW6MYgqg83d7hsW6k2-Vc61J4KgW4BlhGd8qJt-tW8lF2R-3ZPb4gW6gzGDg8vLDd1W3RHcBY1dnC23W4Dc7V51y5FVqVFKmJK3pvtVQW8kMNL471cq_HW3Cs69z3Zs4C1W5S4Cvb6q498vMqhnD2_9phNV64YhL4PnDjbW6mDTFq2qvBXBW3Tg1Fr6sb7-CW582RvZ8qNLq6W6-HJJ47b9S0KW5tbJ3k34V8_sW51khln5B4qSYW1xtVPS8by9t8VLB9bC4RTFJCW1JBHf18ZRQ73N7d25lRTNnlWW8dqF7j1fkshx3pQp1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.60.103.2 , Canada, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., GB),
Reverse DNS
Software: cloudflare /
Resource Hash: fe0306cedbfd5474d5a6fb47e6b4f738b0bd5393f7771548489bb414bb13bc85

Request headers

:method: GET
:authority: info.silobreaker.com
:scheme: https
:path: /e2t/tc/VW7qzt1N32_BW7n09Mj7ZwmsKW4HyYrL4hRBGdN3S9PH52-Hw7V1-WJV7CgXWSW6MYgqg83d7hsW6k2-Vc61J4KgW4BlhGd8qJt-tW8lF2R-3ZPb4gW6gzGDg8vLDd1W3RHcBY1dnC23W4Dc7V51y5FVqVFKmJK3pvtVQW8kMNL471cq_HW3Cs69z3Zs4C1W5S4Cvb6q498vMqhnD2_9phNV64YhL4PnDjbW6mDTFq2qvBXBW3Tg1Fr6sb7-CW582RvZ8qNLq6W6-HJJ47b9S0KW5tbJ3k34V8_sW51khln5B4qSYW1xtVPS8by9t8VLB9bC4RTFJCW1JBHf18ZRQ73N7d25lRTNnlWW8dqF7j1fkshx3pQp1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Sat, 31 Oct 2020 12:01:34 GMT
content-type: text/html;charset=utf-8
set-cookie: __cfduid=db69146a549bce08d57a3a9f6ddf40eb11604145694; expires=Mon, 30-Nov-20 12:01:34 GMT; path=/; domain=.info.silobreaker.com; HttpOnly; SameSite=Lax __cfruid=0dc69a5f706cd9564d99296eda97ab392f1e757e-1604145694; path=/; domain=.info.silobreaker.com; HttpOnly; Secure; SameSite=None
cf-ray: 5ead38dfdbe82056-AMS
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
cf-request-id: 062021dfea0000205696242000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer
server: cloudflare
content-encoding: br

GET
H2

200

Primary Request phishing-scam-attacking-brazil-pix-instant-payment Show response
www.forcepoint.com/blog/x-labs/
Redirect Chain

https://info.silobreaker.com/events/public/v1/track/tc/VW7qzt1N32_BW7n09Mj7ZwmsKW4HyYrL4hRBGdN3S9PH52-Hw7V1-WJV7CgXWSW6MYgqg83d7hsW6k2-Vc61J4KgW4BlhGd8qJt-tW8lF2R-3ZPb4gW6gzGDg8vLDd1W3RHcBY1dnC23W4...
https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS...

90 KB
26 KB

2607ms
2469ms

Document
text/html

2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg

Requested by

Host: info.silobreaker.com
URL: https://info.silobreaker.com/e2t/tc/VW7qzt1N32_BW7n09Mj7ZwmsKW4HyYrL4hRBGdN3S9PH52-Hw7V1-WJV7CgXWSW6MYgqg83d7hsW6k2-Vc61J4KgW4BlhGd8qJt-tW8lF2R-3ZPb4gW6gzGDg8vLDd1W3RHcBY1dnC23W4Dc7V51y5FVqVFKmJK3pvtVQW8kMNL471cq_HW3Cs69z3Zs4C1W5S4Cvb6q498vMqhnD2_9phNV64YhL4PnDjbW6mDTFq2qvBXBW3Tg1Fr6sb7-CW582RvZ8qNLq6W6-HJJ47b9S0KW5tbJ3k34V8_sW51khln5B4qSYW1xtVPS8by9t8VLB9bC4RTFJCW1JBHf18ZRQ73N7d25lRTNnlWW8dqF7j1fkshx3pQp1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f491a149569afb596fdc5c4f3a27fba63e1207ee95c712161f5b537c7b1c1b6c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-eval' .fonts.net analyticsssl.forcepoint.com .licdn.com .tiqcdn.com .marketo.com .marketo.net .mktoresp.com .demdex.net .burly.io .omtrdc.net .llnwd.net .tealiumiq.com .googleadservices.com .marinsm.com .amazonaws.com .quantserve.com .facebook.net .serving-sys.com .google-analytics.com .hirebridge.com .websense.com .bizographics.com .linkedin.com .cloudfront.net .newrelic.com .nr-data.net .adnxs.com .demandbase.com .twitter.com .omtrdc.net .youtube.com static.ads-twitter.com .company-target.com .omniture.com .doubleclick.net .forcepoint.com .google.com .facebook.com bam.nr-data.net maps.gstatic.com .getsmartcontent.com .vidyard.com .adroll.com s.ml-attr.com attr.ml-api.io .driftt.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .gstatic.com .libsyn.com .s3.amazonaws.com .cdnbasket.net ids.cdnwidget.com app.vwo.com .visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .googleapis.com .cloudflare.com activitymap.adobe.com .consensu.org .ubembed.com .bizible.com dmp.theadex.com tag.aumago.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com .tealiumiq.com .google.com .googleadservices.com .doubleclick.net .websense.com .marinsm.com .facebook.com .quantserve.com .google-analytics.com .w55c.net .marketo.com .iasds01.com .linkedin.com .cloudfront.net .forcepoint.com .adnxs.com .twitter.com t.co .omtrdc.net tags.w55c.net .demandbase.com .company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net .newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json .getsmartcontent.com .adroll.com .vidyard.com s.ml-attr.com attr.ml-api.io ml314.com .ml314.com .bing.com .driftt.com .crazyegg.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .googletagmanager.com .visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com .js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com .s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .clearbit.com .googleapis.com .cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js .consensu.org .bizible.com dmp.theadex.com tag.aumago.com ws.zoominfo.com; img-src data: ; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net .mktoresp.com .cdnbasket.net ids.cdnwidget.com .forcepoint.com sample-api-v2.crazyegg.com .visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net .tealiumiq.com live-evercurrent-clone.pantheonsite.io .sharethis.com .doubleclick.net dmp.theadex.com tag.aumago.com google-analytics.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security	max-age=18410000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.forcepoint.com
:scheme: https
:path: /blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://info.silobreaker.com/e2t/tc/VW7qzt1N32_BW7n09Mj7ZwmsKW4HyYrL4hRBGdN3S9PH52-Hw7V1-WJV7CgXWSW6MYgqg83d7hsW6k2-Vc61J4KgW4BlhGd8qJt-tW8lF2R-3ZPb4gW6gzGDg8vLDd1W3RHcBY1dnC23W4Dc7V51y5FVqVFKmJK3pvtVQW8kMNL471cq_HW3Cs69z3Zs4C1W5S4Cvb6q498vMqhnD2_9phNV64YhL4PnDjbW6mDTFq2qvBXBW3Tg1Fr6sb7-CW582RvZ8qNLq6W6-HJJ47b9S0KW5tbJ3k34V8_sW51khln5B4qSYW1xtVPS8by9t8VLB9bC4RTFJCW1JBHf18ZRQ73N7d25lRTNnlWW8dqF7j1fkshx3pQp1

Response headers

status: 200
cache-control: public, max-age=1800
content-encoding: gzip
content-language: en
content-security-policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com dmp.theadex.com tag.aumago.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com dmp.theadex.com tag.aumago.com ws.zoominfo.com; img-src * data: *; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net dmp.theadex.com tag.aumago.com google-analytics.com; report-uri /admin/config/system/seckit/csp-report
content-type: text/html; charset=utf-8
etag: W/"1604145695-0"
expires: Sun, 19 Nov 1978 05:00:00 GMT
from-origin: same, https://analyticsssl.forcepoint.com,https://vidyard.com
last-modified: Sat, 31 Oct 2020 12:01:35 GMT
link: <https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment>; rel="canonical",<https://www.forcepoint.com/node/37140>; rel="shortlink"
server: nginx
strict-transport-security: max-age=18410000
x-content-type-options: nosniff
x-drupal-cache: MISS
x-frame-options: SAMEORIGIN
x-generator: Drupal 7 (http://drupal.org)
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-ct4b7
x-styx-req-id: d2d288ef-1b70-11eb-9708-ae96c617c498
x-ua-compatible: IE=Edge,chrome=1
age: 0 0
accept-ranges: bytes bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Sat, 31 Oct 2020 12:01:37 GMT
x-served-by: cache-mdw17354-MDW, cache-mdw17352-MDW, cache-fra19148-FRA, cache-fra19149-FRA
x-cache: MISS, MISS, MISS, MISS
x-cache-hits: 0, 0, 0, 0
x-timer: S1604145695.157324,VS0,VE2463
vary: Accept-Encoding, x-geo-country, Cookie, orig-host
content-length: 23993

Redirect headers

status: 307
date: Sat, 31 Oct 2020 12:01:34 GMT
location: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
cf-ray: 5ead38e09d322056-AMS
link: <https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg>; rel="canonical"
vary: Accept-Encoding
cf-cache-status: MISS
access-control-allow-credentials: false
cf-request-id: 062021e05f0000205695253000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy: no-referrer
x-robots-tag: none
server: cloudflare

GET
H2 200 Hoves_DemiBold.WOFF
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/ 71 KB
72 KB 109ms
107ms Font
font/woff 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/Hoves_DemiBold.WOFF

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

95fa06fca5253dd4347dc57fc0cea541dc25d8fa30771904c1d00fa695603dbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Origin: https://www.forcepoint.com
Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "5f968d27-11d88"
age: 396189, 396189, 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-2mqj6
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 73096
x-served-by: cache-mdw17362-MDW, cache-mdw17378-MDW, cache-fra19147-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 08:47:35 GMT
server: nginx
x-timer: S1604145698.642372,VS0,VE102
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
expires: Wed, 27 Oct 2021 21:58:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes, bytes, bytes
x-styx-req-id: 60f8e1d9-17d6-11eb-b605-56226c185009
x-cache-hits: 66882, 0, 0, 0

GET
H2 200 Hoves_Medium.WOFF
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/ 70 KB
70 KB 126ms
124ms Font
font/woff 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/Hoves_Medium.WOFF

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3a5e17dd26ebd37ea990a2591a24b1bf8da5bf6f42ddb185abcb5b14674a9bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Origin: https://www.forcepoint.com
Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "5f968d28-11710"
age: 396189, 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-6gnc5
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 71440
x-served-by: cache-mdw17383-MDW, cache-mdw17333-MDW, cache-fra19129-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 08:47:36 GMT
server: nginx
x-timer: S1604145698.642485,VS0,VE108
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
expires: Wed, 27 Oct 2021 21:58:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes, bytes
x-styx-req-id: 60fa7b49-17d6-11eb-b01e-0601e0c6002c
x-cache-hits: 66325, 0, 0, 0

GET
H2 200 Hoves_Regular.WOFF
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/ 68 KB
68 KB 115ms
113ms Font
font/woff 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/Hoves_Regular.WOFF

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e29d9249450c34c94e78ea24e50f48a0921d5403c584539c7f841a18952a12f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Origin: https://www.forcepoint.com
Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "5f97157d-10ffc"
age: 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-2mqj6
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 69628
x-served-by: cache-mdw17368-MDW, cache-mdw17327-MDW, cache-fra19144-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 18:29:17 GMT
server: nginx
x-timer: S1604145698.642875,VS0,VE103
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
expires: Wed, 27 Oct 2021 21:58:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes
x-styx-req-id: 6102c747-17d6-11eb-b605-56226c185009
x-cache-hits: 66755, 0, 0, 0

GET
H2 200 Hoves_Italic.WOFF
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/ 74 KB
74 KB 115ms
113ms Font
font/woff 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/Hoves_Italic.WOFF

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

152d33f581c1bd7b2a423e3e2fa1a2c34817751298e0829bc4154f9e04844baa

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Origin: https://www.forcepoint.com
Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "5f97157d-1265c"
age: 396189, 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-4g68v
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 75356
x-served-by: cache-mdw17363-MDW, cache-mdw17356-MDW, cache-fra19147-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 18:29:17 GMT
server: nginx
x-timer: S1604145698.642784,VS0,VE103
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
expires: Wed, 27 Oct 2021 21:58:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes, bytes
x-styx-req-id: 60fc42cf-17d6-11eb-87e4-8e589cac6792
x-cache-hits: 62850, 0, 0, 0

GET
H2 200 Hoves_Light.WOFF
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/ 69 KB
70 KB 114ms
113ms Font
font/woff 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/Hoves_Light.WOFF

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

8d840af08b18a0a99928ebbbb9a0b4263e08631c0177a3c74963c0e9056c3a21

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Origin: https://www.forcepoint.com
Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "5f9705dd-1158c"
age: 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-4g68v
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 71052
x-served-by: cache-mdw17327-MDW, cache-mdw17380-MDW, cache-fra19163-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 17:22:37 GMT
server: nginx
x-timer: S1604145698.642776,VS0,VE102
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
expires: Wed, 27 Oct 2021 21:58:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes
x-styx-req-id: 60fc1531-17d6-11eb-87e4-8e589cac6792
x-cache-hits: 66540, 0, 0, 0

GET
H2 200 Hoves_Light_Italic.WOFF
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/ 73 KB
73 KB 115ms
114ms Font
font/woff 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/Hoves_Light_Italic.WOFF

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0cd76c0e7ab206f138acc0c00c8909b344ebeecd07986a950e1b7632eedca1cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Origin: https://www.forcepoint.com
Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "5f97157d-123d4"
age: 396189, 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-7wjkb
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 74708
x-served-by: cache-mdw17372-MDW, cache-mdw17362-MDW, cache-fra19158-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 18:29:17 GMT
server: nginx
x-timer: S1604145698.642750,VS0,VE104
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
expires: Wed, 27 Oct 2021 21:58:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes
x-styx-req-id: 6100a78e-17d6-11eb-a160-e6110f627779
x-cache-hits: 62703, 0, 0, 0

GET
H2 200 Hoves_ExtraLight.WOFF
www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/ 68 KB
68 KB 115ms
114ms Font
font/woff 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/fonts/hoves/Hoves_ExtraLight.WOFF

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e52e36134236de5bc2ed14fae433aeb6c3e22964df2ee8645c05acbbbd80bec0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Origin: https://www.forcepoint.com
Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "5f9705dd-10f6c"
age: 396189, 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-6gnc5
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 69484
x-served-by: cache-mdw17320-MDW, cache-mdw17335-MDW, cache-fra19134-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 17:22:37 GMT
server: nginx
x-timer: S1604145698.642880,VS0,VE105
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: orig-host
content-type: font/woff
access-control-allow-origin: *
expires: Wed, 27 Oct 2021 21:58:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes
x-styx-req-id: 610066bd-17d6-11eb-b01e-0601e0c6002c
x-cache-hits: 64730, 0, 0, 0

GET
H2 200 css_kShW4RPmRstZ3SpIC-ZvVGNFVAi0WEMuCnI0ZkYIaFw.css
www.forcepoint.com/sites/default/files/css/ 6 KB
2 KB 124ms
119ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/css/css_kShW4RPmRstZ3SpIC-ZvVGNFVAi0WEMuCnI0ZkYIaFw.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

912856e113e646cb59dd2a480be66f5463455408b458432e0a7234664608685c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f974660-1820"
age: 396189, 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-6gnc5
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 2135
x-served-by: cache-mdw17362-MDW, cache-mdw17373-MDW, cache-fra19125-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 21:57:52 GMT
server: nginx
x-timer: S1604145698.647769,VS0,VE104
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: text/css
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes, bytes
x-styx-req-id: 60fad48e-17d6-11eb-b01e-0601e0c6002c
x-cache-hits: 63016, 0, 0, 0

GET
H2 200 css_faNxbZlG8sYJ1IiqfFXoOTUUnOTNzg59gAMKpmO43D0.css
www.forcepoint.com/sites/default/files/css/ 26 KB
6 KB 126ms
122ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/css/css_faNxbZlG8sYJ1IiqfFXoOTUUnOTNzg59gAMKpmO43D0.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7da3716d9946f2c609d488aa7c55e83935149ce4cdce0e7d80030aa663b8dc3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f974660-68af"
age: 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-4g68v
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 5773
x-served-by: cache-mdw17381-MDW, cache-mdw17335-MDW, cache-fra19157-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 21:57:52 GMT
server: nginx
x-timer: S1604145698.647713,VS0,VE106
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: text/css
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes
x-styx-req-id: 60f50189-17d6-11eb-87e4-8e589cac6792
x-cache-hits: 62789, 0, 0, 0

GET
H2 200 css_y115L5Knt9_PZomP6LVZexCl8E3ZuDyEhxFAHrwL1fY.css
www.forcepoint.com/sites/default/files/css/ 10 KB
3 KB 124ms
120ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/css/css_y115L5Knt9_PZomP6LVZexCl8E3ZuDyEhxFAHrwL1fY.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cb5d792f92a7b7dfcf66898fe8b5597b10a5f04dd9b83c848711401ebc0bd5f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f974661-2697"
age: 396189, 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-4g68v
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 2908
x-served-by: cache-mdw17370-MDW, cache-mdw17372-MDW, cache-fra19124-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 21:57:53 GMT
server: nginx
x-timer: S1604145698.647936,VS0,VE105
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: text/css
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes, bytes
x-styx-req-id: 60fc7471-17d6-11eb-87e4-8e589cac6792
x-cache-hits: 62738, 0, 0, 0

GET
H2 200 css_5mKCL5DqNGkDcKjfp6XAFnPoMyR8hINMUbZMPbq_WW0.css
www.forcepoint.com/sites/default/files/css/ 13 KB
3 KB 125ms
120ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/css/css_5mKCL5DqNGkDcKjfp6XAFnPoMyR8hINMUbZMPbq_WW0.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e662822f90ea34690370a8dfa7a5c01673e833247c84834c51b64c3dbabf596d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f974661-3426"
age: 396156, 396156
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-ct4b7
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 3292
x-served-by: cache-mdw17372-MDW, cache-mdw17382-MDW, cache-fra19120-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 21:57:53 GMT
server: nginx
x-timer: S1604145698.647873,VS0,VE106
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: text/css
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:59:01 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-styx-req-id: 74fd5a14-17d6-11eb-b22b-ae96c617c498
x-cache-hits: 37091, 0, 0, 0

GET
H2 200 css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css
www.forcepoint.com/sites/default/files/css/ 2 MB
281 KB 124ms
119ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5a1a1ccce193736380d92b310e6c721d7d727d3f5a7efca350606428827a489a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f9200d4-19047a"
age: 396190, 396190, 396190, 396190, 396190
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-6gnc5
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 286937
x-served-by: cache-mdw17339-MDW, cache-mdw17347-MDW, cache-fra19183-FRA, cache-fra19149-FRA
last-modified: Thu, 22 Oct 2020 21:59:48 GMT
server: nginx
x-timer: S1604145698.648206,VS0,VE104
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: text/css
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes, bytes, bytes
x-styx-req-id: 60fbca7e-17d6-11eb-b01e-0601e0c6002c
x-cache-hits: 2558, 0, 0, 0

GET
H2 200 modernizr-custom.js Show response
www.forcepoint.com/sites/all/libraries/modernizr/ 11 KB
5 KB 125ms
121ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/libraries/modernizr/modernizr-custom.js?qitx08

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c0e0b9f64e6354a2677f8cc7b48c489b4fac6183a86dfedc0f52bb0cc17fce3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f96569d-2a3d"
age: 396191, 396191, 396191
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-7wjkb
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 4862
x-served-by: cache-mdw17349-MDW, cache-mdw17376-MDW, cache-fra19143-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 04:54:53 GMT
server: nginx
x-timer: S1604145698.648133,VS0,VE106
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:26 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes
x-styx-req-id: 601e51c8-17d6-11eb-a160-e6110f627779
x-cache-hits: 65590, 0, 0, 0

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.2/ 94 KB
33 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 29 Oct 2020 21:38:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138208
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33495
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Oct 2021 21:38:09 GMT

GET
H2 200 js_38VWQ3jjQx0wRFj7gkntZr077GgJoGn5nv3v05IeLLo.js Show response
www.forcepoint.com/sites/default/files/js/ 39 KB
15 KB 130ms
126ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/js/js_38VWQ3jjQx0wRFj7gkntZr077GgJoGn5nv3v05IeLLo.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

dfc5564378e3431d304458fb8249ed66bd3bec6809a069f99efdefd3921e2cba

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f974662-9a79"
age: 396189, 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-4g68v
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 14902
x-served-by: cache-mdw17331-MDW, cache-mdw17372-MDW, cache-fra19134-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 21:57:54 GMT
server: nginx
x-timer: S1604145698.648710,VS0,VE107
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes, bytes
x-styx-req-id: 6100d735-17d6-11eb-87e4-8e589cac6792
x-cache-hits: 69013, 0, 0, 0

GET
H2 200 forms2.min.js Show response
www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/ 169 KB
67 KB 126ms
122ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/forms2.min.js?qitx08

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a793b9a0507f90f79bb2f91d160962842e4b9aeb48e1475438cdae3717e3834e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f9705dc-2a548"
age: 396191, 396191, 396191
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-4g68v
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 68073
x-served-by: cache-mdw17382-MDW, cache-mdw17364-MDW, cache-fra19147-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 17:22:36 GMT
server: nginx
x-timer: S1604145698.649396,VS0,VE105
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:26 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes
x-styx-req-id: 601f6a9a-17d6-11eb-87e4-8e589cac6792
x-cache-hits: 69186, 0, 0, 0

GET
H2 200 marketo_forms.js Show response
www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/ 11 KB
4 KB 122ms
118ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/marketo_forms.js?qitx08

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

178c0cef22122f076e0bd80e16ed1cfbcf9bfe317b4c29f63e69fce067b93887

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f968d27-2ba1"
age: 396191, 396191, 396191, 396191, 396191
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-ct4b7
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 3961
x-served-by: cache-mdw17366-MDW, cache-mdw17378-MDW, cache-fra19170-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 08:47:35 GMT
server: nginx
x-timer: S1604145698.649371,VS0,VE102
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:26 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes, bytes, bytes
x-styx-req-id: 601f7c94-17d6-11eb-b22b-ae96c617c498
x-cache-hits: 69424, 0, 0, 0

GET
H2 200 munchkin.js Show response
www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/ 1 KB
1 KB 125ms
121ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/munchkin.js?qitx08

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9483d84c3dbce2446506011035e4135b87b44657eed947acd345faa338521004

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f97157c-54b"
age: 396191, 396191
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-2mqj6
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 788
x-served-by: cache-mdw17374-MDW, cache-mdw17374-MDW, cache-fra19160-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 18:29:16 GMT
server: nginx
x-timer: S1604145698.649366,VS0,VE105
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:26 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes
x-styx-req-id: 60209433-17d6-11eb-b605-56226c185009
x-cache-hits: 2, 0, 0, 0

GET
H2 200 jquery-ui.min.js Show response
ajax.googleapis.com/ajax/libs/jqueryui/1.10.2/ 223 KB
59 KB 34ms
12ms Script
text/javascript 2a00:1450:4001:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.2/jquery-ui.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16089a42741acc5fd00ab17da92be9458e8f0029fd645f159e582a7ea0f52ec1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 26 Oct 2020 20:12:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 402566
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60637
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Oct 2021 20:12:11 GMT

GET
H2 200 jquery.stickybits.min.js Show response
cdnjs.cloudflare.com/ajax/libs/stickybits/3.6.7/ 5 KB
2 KB 21ms
17ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/stickybits/3.6.7/jquery.stickybits.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9bf02c9770b2f6cca2e8995e99c09c07ef6f970d78f11912f924056a3eaa44e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:37 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 833704
x-via: cfworker/kv
status: 200
content-length: 1734
cf-request-id: 062021eb7000002b4dc4ac0000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:28 GMT
server: cloudflare
etag: "5eb03fdc-1372"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5DnBtQZkoWo%2Fp%2BHcHULJxCN%2FxMbMmixbCWRH%2B7kyNgNtRC0pwePiwdqqRoESr9CyqkyTik4UjytPiI2%2F4OVgR7m0mADz0FYBdGV5WAqjuZ46T9CWiRBRm6XWJTBAFOT8sw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5ead38f24daf2b4d-FRA
expires: Thu, 21 Oct 2021 12:01:37 GMT

GET
H2 200 js_mMJvXJMDka1r1UQhghL_vo4efyAllmmTzPN1incU7Ro.js Show response
www.forcepoint.com/sites/default/files/js/ 63 KB
23 KB 130ms
126ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/js/js_mMJvXJMDka1r1UQhghL_vo4efyAllmmTzPN1incU7Ro.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

98c26f5c930391ad6bd544218212ffbe8e1e7f2025966993ccf3758a7714ed1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f975624-fc97"
age: 392187, 392187, 392187, 392187, 392187
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-4g68v
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 23338
x-served-by: cache-mdw17332-MDW, cache-mdw17379-MDW, cache-fra19138-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 23:05:08 GMT
server: nginx
x-timer: S1604145698.649317,VS0,VE107
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 23:05:10 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes, bytes
x-styx-req-id: b24d699d-17df-11eb-87e4-8e589cac6792
x-cache-hits: 57491, 0, 0, 0

GET
H2 200 js_EzB6QYg0Tw5QIjuXXUXzevFv9vziFrfj-yJS0W5RRno.js Show response
www.forcepoint.com/sites/default/files/js/ 272 B
542 B 125ms
121ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/js/js_EzB6QYg0Tw5QIjuXXUXzevFv9vziFrfj-yJS0W5RRno.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

13307a4188344f0e50223b975d45f37af16ff6fce216b7e3fb2252d16e51467a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f974662-110"
age: 396189, 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-7wjkb
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 231
x-served-by: cache-mdw17368-MDW, cache-mdw17350-MDW, cache-fra19163-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 21:57:54 GMT
server: nginx
x-timer: S1604145698.649287,VS0,VE105
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes
x-styx-req-id: 61010221-17d6-11eb-a160-e6110f627779
x-cache-hits: 61088, 0, 0, 0

GET
H2 200 utag.sync.js Show response
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/ 1 KB
798 B 205ms
91ms Script
application/x-javascript 104.111.215.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7925a2e11bef48cf274fc980f2a5e3eb9a355a6e3c875a293f3d041f4d2757ce

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:37 GMT
content-encoding: gzip
last-modified: Fri, 30 Oct 2020 22:26:01 GMT
server: AkamaiNetStorage
etag: "77c1c27cfc21a547dd5a94c062eb149d:1604096761.366583"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=300
accept-ranges: bytes
content-length: 572
expires: Sat, 31 Oct 2020 12:06:37 GMT

GET
H2 200 js_nRWJhQOkK2YuIyFM17gOpsF1hZbK6StRUJ1adS9xz2Y.js Show response
www.forcepoint.com/sites/default/files/js/ 21 KB
8 KB 122ms
119ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/js/js_nRWJhQOkK2YuIyFM17gOpsF1hZbK6StRUJ1adS9xz2Y.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9d15898503a42b662e23214cd7b80ea6c1758596cae92b51509d5a752f71cf66

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f97466b-52e0"
age: 89863, 89863
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-4g68v
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 7900
x-served-by: cache-mdw17357-MDW, cache-mdw17355-MDW, cache-fra19156-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 21:58:03 GMT
server: nginx
x-timer: S1604145698.649275,VS0,VE103
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Sun, 31 Oct 2021 11:03:54 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-styx-req-id: 998c8b90-1a9f-11eb-87e4-8e589cac6792
x-cache-hits: 81, 0, 0, 0

GET
H2 200 js_jD8OmzLW3peUxYvgwfAf1ymkfU1Muh2j73NmuyglZKE.js Show response
www.forcepoint.com/sites/default/files/js/ 4 KB
2 KB 124ms
121ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/js/js_jD8OmzLW3peUxYvgwfAf1ymkfU1Muh2j73NmuyglZKE.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

8c3f0e9b32d6de9794c58be0c1f01fd729a47d4d4cba1da3ef7366bb282564a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f84983b-10ad"
age: 396176, 396176, 396176, 396176, 396176
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-7wjkb
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 1712
x-served-by: cache-mdw17336-MDW, cache-mdw17382-MDW, cache-fra19174-FRA, cache-fra19149-FRA
last-modified: Mon, 12 Oct 2020 17:54:03 GMT
server: nginx
x-timer: S1604145698.649203,VS0,VE105
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:41 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes, bytes
x-styx-req-id: 690bc8c5-17d6-11eb-a160-e6110f627779
x-cache-hits: 2928, 0, 0, 0

GET
H2 200 buttons.js Show response
ws.sharethis.com/button/ 58 KB
16 KB 50ms
16ms Script
application/javascript 2600:9000:2093:8c00:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/buttons.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2093:8c00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 8275ce62ba23473ad2cf760b9ac237a235261d5d38523c26d32ed4f48d4d2492

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 14:27:52 GMT
content-encoding: gzip
server: nginx/1.16.1
age: 77625
etag: W/"5f80b32e-e725"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=259200
x-amz-cf-pop: HAM50-C1
x-robots-tag: noindex, nofollow
x-amz-cf-id: XPLG-aykFQ8kGr6C_boiRXRhcCxvnmz6QXVx3l5RxGYyLgwaLCHQ3Q==
via: 1.1 94fcf2ec0b048f48ffbd2e01f16d014c.cloudfront.net (CloudFront)
expires: Mon, 02 Nov 2020 14:27:52 GMT

GET
H2 200 js_3TmJ_qUXQcot-bnUMi2wLTeAmLXcyoNCoCCaeerfiTM.js Show response
www.forcepoint.com/sites/default/files/js/ 27 KB
8 KB 122ms
119ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/js/js_3TmJ_qUXQcot-bnUMi2wLTeAmLXcyoNCoCCaeerfiTM.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

dd3989fea51741ca2df9b9d4322db02d378098b5dcca8342a0209a79eadf8933

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f974663-6d63"
age: 396189, 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-2mqj6
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 7970
x-served-by: cache-mdw17357-MDW, cache-mdw17371-MDW, cache-fra19126-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 21:57:55 GMT
server: nginx
x-timer: S1604145698.649229,VS0,VE104
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes
x-styx-req-id: 6100d78a-17d6-11eb-b605-56226c185009
x-cache-hits: 62718, 0, 0, 0

GET
H2 200 js_FJP39RlZcyrYzsj0WyS8EXc2N_dMm_R6GiP2a0fVlbY.js Show response
www.forcepoint.com/sites/default/files/js/ 35 KB
12 KB 156ms
153ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/js/js_FJP39RlZcyrYzsj0WyS8EXc2N_dMm_R6GiP2a0fVlbY.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

1493f7f51959732ad8cec8f45b24bc11773637f74c9bf47a1a23f66b47d595b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f7f39d8-8dd6"
age: 396100, 396100, 396100
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-6j5jb
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 12292
x-served-by: cache-mdw17344-MDW, cache-mdw17381-MDW, cache-fra19143-FRA, cache-fra19149-FRA
last-modified: Thu, 08 Oct 2020 16:10:00 GMT
server: nginx
x-timer: S1604145698.649630,VS0,VE147
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:59:57 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes
x-styx-req-id: 966932e8-17d6-11eb-bd65-8a04a199118e
x-cache-hits: 25294, 0, 0, 0

GET
H2 200 js_9q813eiJY8Vo0j6iY2enraFixYox7Dz1BFvn6oUALB8.js Show response
www.forcepoint.com/sites/default/files/js/ 3 KB
1 KB 133ms
131ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/js/js_9q813eiJY8Vo0j6iY2enraFixYox7Dz1BFvn6oUALB8.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f6af35dde88963c568d23ea26367a7ada162c58a31ec3cf5045be7ea85002c1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f84983b-a75"
age: 396176, 396176
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-2mqj6
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 1018
x-served-by: cache-mdw17348-MDW, cache-mdw17383-MDW, cache-fra19145-FRA, cache-fra19149-FRA
last-modified: Mon, 12 Oct 2020 17:54:03 GMT
server: nginx
x-timer: S1604145698.652291,VS0,VE113
date: Sat, 31 Oct 2020 12:01:37 GMT
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:41 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-styx-req-id: 690b7a9c-17d6-11eb-b605-56226c185009
x-cache-hits: 2691, 0, 0, 0

GET
H2 200 forcepoint.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/ 2 KB
1 KB 111ms
110ms Image
image/svg+xml 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/forcepoint.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f96c570-6ad"
age: 396189, 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-2mqj6
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 783
x-served-by: cache-mdw17347-MDW, cache-mdw17347-MDW, cache-fra19158-FRA, cache-fra19149-FRA
access-control-allow-origin: *
last-modified: Mon, 26 Oct 2020 12:47:44 GMT
server: nginx
x-timer: S1604145698.092187,VS0,VE105
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:29 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes, bytes
x-styx-req-id: 61b7d663-17d6-11eb-b605-56226c185009
x-cache-hits: 64875, 0, 0, 0

GET
H2 200 why_fp_menu_image.jpg
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 13 KB
14 KB 12ms
12ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/why_fp_menu_image.jpg?itok=7PZkDIzY

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5a3a0313429b22b8fd7b067a306c2733e73b8a1e038591f722ad524e9f60ab79

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "y1mjf0jHj5/8cr/KUpS5f44OJyHbzOR7xlO/5djNFzg"
age: 3813267, 3813267
x-pantheon-styx-hostname: styx-fe3-b-5f5d494784-lpw5d
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=15805 idim=396x395 ifmt=jpeg ofsz=13734 odim=396x395 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 13734
x-served-by: cache-mdw17381-MDW, cache-mdw17358-MDW, cache-fra19138-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145698.205931,VS0,VE6
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 60bf5cf7-f8c2-11ea-993f-2e22ef25110c
expires: Sat, 18 Sep 2021 08:47:11 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-cache-hits: 0, 1, 19, 0

GET
H2 200 dup_2.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 938 B
1 KB 11ms
11ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/dup_2.png?itok=n_tCvBod

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9013ff56b3eb7dacea9886c26ddead020a8cd81822f40ead55df95b779941b14

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "Cg/hYh8EOhYRIuxSmJfuxz90saFRXEnbdrCuDE9MlzE"
age: 2762202, 2762202
x-pantheon-styx-hostname: styx-fe3-a-857f974764-5dm8n
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=1737 idim=48x48 ifmt=png ofsz=938 odim=48x48 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 938
x-served-by: cache-mdw17344-MDW, cache-mdw17340-MDW, cache-fra19134-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145698.219084,VS0,VE6
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 94320a8f-0251-11eb-be7b-0ab2c53138bd
expires: Thu, 30 Sep 2021 12:44:56 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-cache-hits: 0, 1, 20, 0

GET
H2 200 dup_3.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 932 B
1 KB 10ms
10ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/dup_3.png?itok=9kqBfQ6p

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

519be4598150ebd07de7df2af974a5928f956f617b4cecb376181f34bf7b1df6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "Co/FPfbd0r1kjwGJZCkhpbc1BNixTH3YoiDBKcCM74A"
age: 2762040
x-pantheon-styx-hostname: styx-fe3-a-857f974764-5dm8n
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=1738 idim=48x48 ifmt=png ofsz=932 odim=48x48 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 932
x-served-by: cache-mdw17369-MDW, cache-mdw17370-MDW, cache-fra19180-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145698.229478,VS0,VE5
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: f40d1d6a-0251-11eb-be7b-0ab2c53138bd
expires: Thu, 30 Sep 2021 12:47:37 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 1, 2, 0

GET
H2 200 ddp.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 788 B
1 KB 12ms
11ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/ddp.png?itok=wITbcMhf

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

88a9f854838d4933c158c0b65f9e855992a05790931fdd5e588f637cb82d07c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "dXjcIrBEEzC28GI2Loui2HixN4eNIAB0TKs71eri02A"
age: 4315419
x-pantheon-styx-hostname: styx-fe3-a-857f974764-zpnn5
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=1645 idim=48x48 ifmt=png ofsz=788 odim=48x48 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 788
x-served-by: cache-mdw17349-MDW, cache-mdw17349-MDW, cache-fra19141-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145698.241008,VS0,VE6
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 36ca85a4-f431-11ea-a39b-5ad90953acbe
expires: Sun, 12 Sep 2021 13:17:59 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 1146, 20, 0

GET
H2 200 ddp-positive.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 924 B
1 KB 11ms
11ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/ddp-positive.png?itok=VN8WgY8l

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3bf68fd8998873a2885f9a5e2baccf393024fa7ebb9e992aa260dfe542e1aea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "Xvs4XcPwxa50ZBYesg38NG/X9lABMhkY/I4qnyLSvog"
age: 4314567, 4314567
x-pantheon-styx-hostname: styx-fe3-b-5f5d494784-sd7mq
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=1237 idim=48x48 ifmt=png ofsz=924 odim=48x48 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 924
x-served-by: cache-mdw17378-MDW, cache-mdw17341-MDW, cache-fra19129-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145698.254030,VS0,VE5
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 3293c086-f433-11ea-a099-824fe7a30f67
expires: Sun, 12 Sep 2021 13:32:11 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-cache-hits: 0, 1, 19, 0

GET
H2 200 dep.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 840 B
1 KB 14ms
14ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/dep.png?itok=Pits8bG4

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7da0540e0b536da199335da765f4aa358878f41b295d64fea84e1ee7ae5c73ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "pdavfN5jKtYrjFgMsVztM8PJKTmYNfgbvvkV8igjM34"
age: 4315416
x-pantheon-styx-hostname: styx-fe3-a-857f974764-sxp7b
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=1082 idim=48x48 ifmt=png ofsz=840 odim=48x48 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 840
x-served-by: cache-mdw17377-MDW, cache-mdw17342-MDW, cache-fra19148-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145698.267610,VS0,VE7
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 388386fe-f431-11ea-aa2e-2e3c83a662d4
expires: Sun, 12 Sep 2021 13:18:02 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 3, 1, 19, 0

GET
H2 200 dep-positive.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 976 B
1 KB 10ms
10ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/dep-positive.png?itok=71ow2RHw

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7c7037514836388334db2f123a214f7ec133481a2d7d128adb62693b5ce9dcef

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "Xq40KOT666Dw74pppNkkPYaJ/kj8VcWWEaEW0/3IAlk"
age: 2598113
x-pantheon-styx-hostname: styx-fe3-a-857f974764-6bzgv
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=1277 idim=48x48 ifmt=png ofsz=976 odim=48x48 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 976
x-served-by: cache-mdw17350-MDW, cache-mdw17332-MDW, cache-fra19156-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145698.281721,VS0,VE5
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: a117b680-03cf-11eb-aa06-7ae2cf59cc15
expires: Sat, 02 Oct 2021 10:19:46 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 1, 1, 2, 0

GET
H2 200 use_cases_menu_image.jpg
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 15 KB
16 KB 12ms
12ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/use_cases_menu_image.jpg?itok=t2CzlWjd

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

913a3d6d72df757623fc7a1ef37ef84e60ffbff83cb9514aa01a39db05f7bee4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "xgQzsw1eUmUMk+mocFPy2y4aDYSCiyj9vhaqhltMTuo"
age: 3213842
x-pantheon-styx-hostname: styx-fe3-a-857f974764-dlq64
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=17090 idim=398x398 ifmt=jpeg ofsz=15748 odim=398x398 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 15748
x-served-by: cache-mdw17352-MDW, cache-mdw17377-MDW, cache-fra19137-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145698.293625,VS0,VE5
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 04e6b297-fe36-11ea-8c41-6a2b57a59b4f
expires: Sat, 25 Sep 2021 07:17:35 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 1, 18, 0

GET
H2 200 industries_menu_image.jpg
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 22 KB
22 KB 13ms
12ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/industries_menu_image.jpg?itok=IuH0OclF

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ce35f2450851af5e3b8e502f29a7048c7da4b7474061493711a15becf6fd7e0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "GzFYYKKK3rGet8QY60KAbhWj58eO6EbXcfayMG47Ru4"
age: 4315419
x-pantheon-styx-hostname: styx-fe3-b-5f5d494784-txgqb
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=22689 idim=398x397 ifmt=jpeg ofsz=22544 odim=398x397 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 22544
x-served-by: cache-mdw17359-MDW, cache-mdw17355-MDW, cache-fra19148-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145698.308233,VS0,VE5
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 36e43ca2-f431-11ea-84fc-82e5316e91a9
expires: Sun, 12 Sep 2021 13:17:59 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 1, 18, 0

GET
H2 200 blog.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 25 KB
25 KB 11ms
11ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/blog.png?itok=ak2JFh3Q

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b46b95aec476bbd119873b245722eef166772d341eca4f2fcff05e3a30b62de0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "RUqXqtWs8EO0PKAffHJV9sp3+izz7ncbQPAcg2c/Y7Y"
age: 145924
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-6gnc5
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=28601 idim=280x148 ifmt=png ofsz=25510 odim=280x148 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 25510
x-served-by: cache-mdw17337-MDW, cache-mdw17356-MDW, cache-fra19120-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145698.320807,VS0,VE5
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 134dc7b5-1a1d-11eb-b01e-0601e0c6002c
expires: Sat, 30 Oct 2021 19:29:34 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 1, 19, 0

GET
H2 200 insider-risk.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 21 KB
21 KB 14ms
14ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/insider-risk.png?itok=5Z5CPiwh

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

fda75daabf20c593fb3c3cb3ffee398c33a8a59dfb22350e575072f6a294a7d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "20th92PH+eIhSeVJNCnM/F2D5vhTJqtRCmgBFPfduYo"
age: 145875, 145875
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-6j5jb
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=24409 idim=280x148 ifmt=png ofsz=21154 odim=280x148 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 21154
x-served-by: cache-mdw17355-MDW, cache-mdw17381-MDW, cache-fra19129-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145698.333682,VS0,VE8
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 2ff0354b-1a1d-11eb-bd65-8a04a199118e
expires: Sat, 30 Oct 2021 19:30:22 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-cache-hits: 0, 2, 253, 0

GET
H2 200 zero-trust.png
www.forcepoint.com/sites/default/files/styles/menu_image/public/ 19 KB
20 KB 13ms
12ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/menu_image/public/zero-trust.png?itok=HAGMualJ

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c90104dc032e1b6605d49139049970b3c2c294a0fb039b3de33c7d6c05ea9bab

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "xiwj+S0Dj29f4aQWtJLnTPNAR/J+u2o0KuHxrWgWIiU"
age: 145801
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-ct4b7
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=24625 idim=280x148 ifmt=png ofsz=19840 odim=280x148 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 19840
x-served-by: cache-mdw17357-MDW, cache-mdw17348-MDW, cache-fra19144-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145698.348917,VS0,VE6
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 5cdaf390-1a1d-11eb-9708-ae96c617c498
expires: Sat, 30 Oct 2021 19:31:37 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 1, 19, 0

GET
H2 200 mariano-diaz-7f65hdp0-e0-unsplash.jpg
www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___full_content___xlarge/public/hero/ 56 KB
57 KB 139ms
139ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___full_content___xlarge/public/hero/mariano-diaz-7f65hdp0-e0-unsplash.jpg?itok=0FlFu6vW&timestamp=1604061272

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b2061cb6a8e442a3fb2a9914e62d951aac02e182784d202369ce920aa88fd019

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "Abuix5LVxaq4lJEJpVal/eZFO6ANQ+i+HVI547faQ2o"
age: 84382
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-2mqj6
x-cache: MISS, HIT, MISS, MISS
fastly-io-info: ifsz=45400 idim=792x303 ifmt=jpeg ofsz=57532 odim=792x303 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 57532
x-served-by: cache-mdw17335-MDW, cache-mdw17342-MDW, cache-fra19164-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145698.362926,VS0,VE133
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 5cee78bc-1aac-11eb-b605-56226c185009
expires: Sun, 31 Oct 2021 12:35:16 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 1, 0, 0

GET
H2 200 css_9BCXL2PNej5yvO2KnZ5YU846aPgU0fP5dQpx-xQNfsM.css
www.forcepoint.com/sites/default/files/css/ 7 KB
2 KB 114ms
113ms Stylesheet
text/css 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/css/css_9BCXL2PNej5yvO2KnZ5YU846aPgU0fP5dQpx-xQNfsM.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f410972f63cd7a3e72bced8a9d9e5853ce3a68f814d1f3f9750a71fb140d7ec3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f8db301-1a21"
age: 396189, 396189
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-4g68v
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 1439
x-served-by: cache-mdw17361-MDW, cache-mdw17346-MDW, cache-fra19121-FRA, cache-fra19149-FRA
last-modified: Mon, 19 Oct 2020 15:38:41 GMT
server: nginx
x-timer: S1604145699.624121,VS0,VE107
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept-Encoding, orig-host
content-type: text/css
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:29 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-styx-req-id: 61ca106a-17d6-11eb-87e4-8e589cac6792
x-cache-hits: 59898, 0, 0, 0

GET
H2 200 image_placeholder.gif
www.forcepoint.com/sites/all/modules/contrib/lazyloader/ 828 B
1 KB 10ms
10ms Image
image/gif 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/modules/contrib/lazyloader/image_placeholder.gif

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf401f0aec11d24c5272997dcb1ffb78c55df70499a70c7f0863b91e215a592b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "Kpd+TedBxySIGLFOhcKwL25G5FKFFcHJQGH7xnF3BKs"
age: 6243204
x-pantheon-styx-hostname: styx-fe3-b-7ccfb4b767-kkmsp
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=1887 idim=20x20 ifmt=gif ofsz=828 odim=20x20 ofmt=gif
status: 200
fastly-stats: io=1
content-length: 828
x-served-by: cache-mdw17333-MDW, cache-mdw17372-MDW, cache-fra19156-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145698.494269,VS0,VE4
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/gif
x-styx-req-id: bda86197-e2a8-11ea-9930-9a7691e92c5c
expires: Sat, 21 Aug 2021 05:48:15 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 1, 20, 0

GET
H2 200 pix_phish_1.png
www.forcepoint.com/sites/default/files/inline/ 172 KB
172 KB 177ms
177ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/inline/pix_phish_1.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

29d2f106a99a4e0ab8119a7eff1ef5e8a5032f6700900f694121c80a8320d636

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "l06row5AiqwdvPtlJ7jm3g9xdmT7ULLeJzOLSBNHji0"
age: 84046, 84046
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-ct4b7
x-cache: MISS, HIT, MISS, MISS
fastly-io-info: ifsz=305668 idim=1415x815 ifmt=png ofsz=175800 odim=1415x815 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 175800
x-served-by: cache-mdw17365-MDW, cache-mdw17365-MDW, cache-fra19166-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145699.505204,VS0,VE172
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 255868d5-1aad-11eb-9708-ae96c617c498
expires: Sun, 31 Oct 2021 12:40:52 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-cache-hits: 0, 26, 0, 0

GET
H2 200 pix_phish_2.png
www.forcepoint.com/sites/default/files/inline/ 5 KB
6 KB 115ms
115ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/inline/pix_phish_2.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c816a3b84358da6c4f4436d7afae0826aff6247c312f8998f922b944a43a6743

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "tbQKLXiMTcVaJOkQ1BAJf9mONeHumIGTP/a+NTFoKjw"
age: 83361, 83361
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-6gnc5
x-cache: MISS, HIT, MISS, MISS
fastly-io-info: ifsz=15876 idim=633x355 ifmt=png ofsz=5556 odim=633x355 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 5556
x-served-by: cache-mdw17346-MDW, cache-mdw17337-MDW, cache-fra19146-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145699.598810,VS0,VE109
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: bdc36a57-1aae-11eb-b01e-0601e0c6002c
expires: Sun, 31 Oct 2021 12:52:17 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-cache-hits: 0, 1, 0, 0

GET
H2 200 mean_time_to_detect_hero.jpg
www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___teaser___xlarge/public/hero/ 25 KB
25 KB 17ms
15ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___teaser___xlarge/public/hero/mean_time_to_detect_hero.jpg?itok=dp9PUdO8&timestamp=1603890668

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

23821571872a83c43ffbaccd85f6447da8462361c42e5877776ec4b50a56e5e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "sNF8cfb5XEcGSR8NebskzHX0VqqQqSlUJVW+PcK/apk"
age: 252850
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-7wjkb
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=20424 idim=387x240 ifmt=jpeg ofsz=25602 odim=387x240 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 25602
x-served-by: cache-mdw17333-MDW, cache-mdw17355-MDW, cache-fra19144-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145699.623829,VS0,VE9
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 1dcf995b-1924-11eb-a160-e6110f627779
expires: Fri, 29 Oct 2021 13:47:27 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 1, 1, 0

GET
H2 200 4a-future-insights2021-woman-looking-right-2000x1333px_1.jpg
www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___teaser___xlarge/public/hero/ 6 KB
7 KB 15ms
13ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___teaser___xlarge/public/hero/4a-future-insights2021-woman-looking-right-2000x1333px_1.jpg?itok=geMCIw7P&timestamp=1603766960

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ab02e7268fb89fe4f957122f633ee562e025adcbb94bea973f426b3f5f5b1806

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "HghJK6jl37nLIDG9K+MYoLDQsVOMZmZn5ZBJJxQnV3o"
age: 343065, 343065
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-6gnc5
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=7111 idim=387x240 ifmt=jpeg ofsz=6446 odim=387x240 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 6446
x-served-by: cache-mdw17328-MDW, cache-mdw17323-MDW, cache-fra19155-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145699.623817,VS0,VE7
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 11ca0f5c-1852-11eb-b01e-0601e0c6002c
expires: Thu, 28 Oct 2021 12:43:52 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-cache-hits: 0, 1, 1, 0

GET
H2 200 chris-panas-0yiy0xajjhq-unsplash.jpg
www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___teaser___xlarge/public/hero/ 6 KB
7 KB 16ms
14ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/paragraph___hero_image___teaser___xlarge/public/hero/chris-panas-0yiy0xajjhq-unsplash.jpg?itok=Amy-C1Aw&timestamp=1603251439

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4d1a17044b0075f8f1089bfe74833f44697cb61e60c86287e8a191516abaa853

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "/Y0k6MehH94mN9azleIhhvTPQ4CETWkLlnflSOJ/SVA"
age: 859761
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-6j5jb
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=7162 idim=387x240 ifmt=jpeg ofsz=6642 odim=387x240 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 6642
x-served-by: cache-mdw17369-MDW, cache-mdw17326-MDW, cache-fra19164-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145699.624269,VS0,VE8
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 0b3ee663-139f-11eb-bd65-8a04a199118e
expires: Fri, 22 Oct 2021 13:12:17 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 0, 1, 1, 0

GET
H2 200 mariano-diaz-7f65hdp0-e0-unsplash.jpg
www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/ 6 KB
7 KB 13ms
12ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/default/files/styles/footer_menu_featured_blog/public/hero/mariano-diaz-7f65hdp0-e0-unsplash.jpg?itok=nNiTsw86

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

72e4b47a17fe8af5accf40c4965387a6ed961a73bab5f487768e055d394711d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "b/eBnHO+OjS94CnHjvJt5R4WcgxequdXToPnb0y1+YA"
age: 80880, 80880
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-2mqj6
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=5504 idim=199x111 ifmt=jpeg ofsz=6606 odim=199x111 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 6606
x-served-by: cache-mdw17367-MDW, cache-mdw17332-MDW, cache-fra19183-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145699.624200,VS0,VE6
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: 84a0858f-1ab4-11eb-b605-56226c185009
expires: Sun, 31 Oct 2021 13:33:38 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-cache-hits: 0, 1, 16, 0

GET
H2 200 js_YGsUV3Ce7aXBJBS23_v5HOE_E5QvyXDXhYBu_X7nNNU.js Show response
www.forcepoint.com/sites/default/files/js/ 23 KB
8 KB 111ms
110ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/js/js_YGsUV3Ce7aXBJBS23_v5HOE_E5QvyXDXhYBu_X7nNNU.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

606b1457709eeda5c12414b6dffbf91ce13f13942fc970d785806efd7ee734d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f975624-5a28"
age: 392188, 392188, 392188, 392188
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-4g68v
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 7808
x-served-by: cache-mdw17357-MDW, cache-mdw17377-MDW, cache-fra19155-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 23:05:08 GMT
server: nginx
x-timer: S1604145698.926090,VS0,VE104
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 23:05:10 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes
x-styx-req-id: b24d6997-17df-11eb-87e4-8e589cac6792
x-cache-hits: 61722, 0, 0, 0

GET
H2 200 js_oaw9dVs4fCiUNWO4LbIth0obGSuoEZpLw_Fpeip-JYs.js Show response
www.forcepoint.com/sites/default/files/js/ 15 KB
6 KB 110ms
110ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/js/js_oaw9dVs4fCiUNWO4LbIth0obGSuoEZpLw_Fpeip-JYs.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a1ac3d755b387c28943563b82db22d874a1b192ba8119a4bc3f1697a2a7e258b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f7f1925-3a6f"
age: 396189, 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-6j5jb
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 5862
x-served-by: cache-mdw17339-MDW, cache-mdw17338-MDW, cache-fra19142-FRA, cache-fra19149-FRA
last-modified: Thu, 08 Oct 2020 13:50:29 GMT
server: nginx
x-timer: S1604145698.927298,VS0,VE104
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:28 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes, bytes
x-styx-req-id: 6163c4aa-17d6-11eb-bd65-8a04a199118e
x-cache-hits: 54489, 0, 0, 0

GET
H2 200 js_tpyEWPXKXD8JNF7tS4uoWBSe7AyZ23SgHoYPbltZaK8.js Show response
www.forcepoint.com/sites/default/files/js/ 35 KB
10 KB 110ms
109ms Script
application/x-javascript 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/default/files/js/js_tpyEWPXKXD8JNF7tS4uoWBSe7AyZ23SgHoYPbltZaK8.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b69c8458f5ca5c3f09345eed4b8ba858149eec0c99db74a01e860f6e5b5968af

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f9200d3-8ad2"
age: 396189, 396189
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-6gnc5
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 10275
x-served-by: cache-mdw17370-MDW, cache-mdw17356-MDW, cache-fra19172-FRA, cache-fra19149-FRA
last-modified: Thu, 22 Oct 2020 21:59:47 GMT
server: nginx
x-timer: S1604145698.038593,VS0,VE104
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept-Encoding, orig-host
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:29 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-styx-req-id: 618d0b92-17d6-11eb-b01e-0601e0c6002c
x-cache-hits: 62678, 0, 0, 0

GET
H/1.1

200
OK

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.forcepoint.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.forcepoint.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=www.forcepoint.com&pId=4027015091739477581

4 B
484 B

526ms
392ms

Image
image/jpeg

99.86.2.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=www.forcepoint.com&pId=4027015091739477581
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.2.95 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-2-95.fra6.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 31 Oct 2020 12:01:39 GMT
Via: 1.1 94faae20b0f122c4555025f52a2fd745.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA6-C1
x-amzn-RequestId: 1ed70422-237f-4b2c-880a-6c83bd1ba52a
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
X-Amzn-Trace-Id: Root=1-5f9d5223-63aa52ff73d1fe4e1df13f17;Sampled=0
Connection: keep-alive
x-amz-apigw-id: VRnFlEmEIAMFqcQ=
Content-Length: 4
X-Amz-Cf-Id: ZZUa1wFmxsz-8O4oakCxpo_CPAlSV8dN-6DCa2JhP8Vmnk-GTpPZHA==

Redirect headers

Pragma: no-cache
Date: Sat, 31 Oct 2020 12:01:39 GMT
X-Proxy-Origin: 194.99.105.99; 194.99.105.99; 730.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.69:80
AN-X-Request-Uuid: 50fd9de9-b89e-4c5f-bdd6-3d1a7ffae7f8
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://attr.ml-api.io/?domain=www.forcepoint.com&pId=4027015091739477581
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 js_visitor_settings.php Show response
dev.visualwebsiteoptimizer.com/deploy/ 6 KB
3 KB 164ms
57ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&random=0.5697911023977063
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 5097252f03e54e40175771e7a8d15d4552f8d43c3f79c2000c96cec1fe718462

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

status: 200
date: Sat, 31 Oct 2020 12:01:37 GMT
content-encoding: gzip
server: gfra1
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
via: 1.1 google
content-type: application/javascript; charset=UTF-8

GET
H3-Q050 200 track-0ca7acdf418d8c12f3819dda65c35024.js Show response
dev.visualwebsiteoptimizer.com/7.0/ 11 KB
4 KB 111ms
60ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/7.0/track-0ca7acdf418d8c12f3819dda65c35024.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&random=0.5697911023977063
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: ebace77f08582c8518a06375ee41263d1f09bacffccc36b25181b03b0652b249

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 31 Oct 2020 12:01:38 GMT
content-encoding: br
last-modified: Thu, 29 Oct 2020 10:44:47 GMT
server: gfra1
status: 200
etag: "5f9a9d1f-da8"
vary: Accept-Encoding, User-Agent
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3496
via: 1.1 google

GET
H3-Q050 200 opa-56761856850233eb41e36332d7e3cf79.js Show response
dev.visualwebsiteoptimizer.com/analysis/4.0/ 91 KB
24 KB 113ms
63ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/analysis/4.0/opa-56761856850233eb41e36332d7e3cf79.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&random=0.5697911023977063
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 86e8428fa1f7a039682565e701bc7c562fd5274be25fc3b3b5cc3f17bdfe4ef5

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 31 Oct 2020 12:01:38 GMT
content-encoding: br
last-modified: Thu, 29 Oct 2020 10:44:46 GMT
server: gfra1
status: 200
etag: "5f9a9d1e-5dc7"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24007
via: 1.1 google

GET
H3-Q050 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
172 B 137ms
136ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=371490&d=forcepoint.com&u=D2C1E3EBCDDFC5F8CAF7C491EC026A2B5&h=4b040af9d0b46acfa422d3e0abb91e1a&r=0.7112175783661769

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 31 Oct 2020 12:01:38 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
status: 200
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H/1.1 200
OK vis_opt.js Show response
d5phz18u4wuww.cloudfront.net/ 168 KB
56 KB 208ms
67ms Script
text/javascript 54.230.182.189
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d5phz18u4wuww.cloudfront.net/vis_opt.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.230.182.189 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-182-189.ham50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e96ee4202dd697f4757a0c1502f5b3ae79c0d59d0823d80a80ac3ed97132d861

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Sat, 31 Oct 2020 11:01:45 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Thu, 02 May 2019 08:14:16 GMT
Server: AmazonS3
Age: 3594
ETag: "85932b0cd7c8dce121fa1923529a3189"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Via: 1.1 cf515c02569c487b713286bcf353f909.cloudfront.net (CloudFront)
Cache-Control: max-age=3600
X-Amz-Cf-Pop: HAM50-C3
Accept-Ranges: bytes
Content-Length: 57240
X-Amz-Cf-Id: O_L6hoG98K9kNXgGvC_sjQJcBLpdcaRA_KTAace3EpJql2zlcKimkg==

GET
H3-Q050 200 vis_opt-0ca7acdf418d8c12f3819dda65c35024.js Show response
dev.visualwebsiteoptimizer.com/7.0/ 203 KB
58 KB 51ms
50ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/7.0/vis_opt-0ca7acdf418d8c12f3819dda65c35024.js
Requested by: Host: d5phz18u4wuww.cloudfront.net
URL: https://d5phz18u4wuww.cloudfront.net/vis_opt.js
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 8153575fa281d697e1733cb4d9bca0672c7a53bfe2d17191da06bb418c9247de

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 31 Oct 2020 12:01:38 GMT
content-encoding: br
last-modified: Thu, 29 Oct 2020 10:44:47 GMT
server: gfra1
status: 200
etag: "5f9a9d1f-e802"
vary: Accept-Encoding, User-Agent
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59394
via: 1.1 google

GET
H2 200 async-buttons.js Show response
ws.sharethis.com/button/ 89 KB
19 KB 17ms
15ms Script
application/javascript 2600:9000:2093:8c00:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/async-buttons.js
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/buttons.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2093:8c00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: b80a71bbfd599367ed06d6cd8a59d87bf0b02aafde9b20b1554abcfbf00abae3

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 22:48:07 GMT
content-encoding: gzip
server: nginx/1.16.1
age: 47611
etag: "5f80b36e-16245"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=259200
x-amz-cf-pop: HAM50-C1
x-robots-tag: noindex, nofollow
x-amz-cf-id: oMMk-BSuaBa0o3vZJlQvmkQEh11NySByj9ATrjhgyRBAKaPOUPysQg==
via: 1.1 94fcf2ec0b048f48ffbd2e01f16d014c.cloudfront.net (CloudFront)
expires: Mon, 02 Nov 2020 22:48:07 GMT

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/ 401 KB
110 KB 144ms
143ms Script
application/x-javascript 104.111.215.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 1d77e8287d004c24f8cec3feb7813d728ff8be437a4ae79f42259bcf9f6d4359

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:38 GMT
content-encoding: gzip
last-modified: Fri, 30 Oct 2020 22:26:00 GMT
server: AkamaiNetStorage
etag: "433b883297cd24f4064414893fd760ca:1604096760.585643"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=300
accept-ranges: bytes
expires: Sat, 31 Oct 2020 12:06:38 GMT

GET
DATA 200
OK truncated
/ 228 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f83d0e410eff198ed5a5e5cbb597db1f33421bdca9d09bbe7f389f5720a721e1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 166 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 450 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 141 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 187 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 660 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 372 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 372 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 248 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 angle-right-black.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/ 121 B
421 B 114ms
113ms Image
image/svg+xml 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/angle-right-black.svg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

6d9a7fd96a3f724833b9b68c20877b5701f64df5446138733baec495138cfb3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f96c320-79"
age: 396189, 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-2mqj6
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 127
x-served-by: cache-mdw17338-MDW, cache-mdw17381-MDW, cache-fra19138-FRA, cache-fra19149-FRA
access-control-allow-origin: *
last-modified: Mon, 26 Oct 2020 12:37:52 GMT
server: nginx
x-timer: S1604145699.636270,VS0,VE107
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:29 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes, bytes
x-styx-req-id: 61c7faba-17d6-11eb-b605-56226c185009
x-cache-hits: 45031, 0, 0, 0

GET
DATA 200
OK truncated
/ 151 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52de4f853e32cbad1473948b54b45888a76d70bc156a906a4e90d3fe9d63384f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 icon-anchor-arrow-teal.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/ 655 B
702 B 115ms
114ms Image
image/svg+xml 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/static-icons/icon-anchor-arrow-teal.svg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

29aebe811bb2f84bd90cfdee7ffc4c4af62bb5d871fd683f8a85bf0852ce9163

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f9705dd-28f"
age: 396189
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-6gnc5
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 400
x-served-by: cache-mdw17333-MDW, cache-mdw17328-MDW, cache-fra19168-FRA, cache-fra19149-FRA
access-control-allow-origin: *
last-modified: Mon, 26 Oct 2020 17:22:37 GMT
server: nginx
x-timer: S1604145699.641856,VS0,VE109
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:29 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 61c8c316-17d6-11eb-b01e-0601e0c6002c
x-cache-hits: 58681, 0, 0, 0

GET
DATA 200
OK truncated
/ 558 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5801778ff84312987440fe98294960b5b514a764ce5cd09cd6afcffcf38862f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 356 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79673753d63f34d0e4d8fcec94babbf043b27387bd7767d0ba8c354f3642a54c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 383 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89f73af23bcadce2d0605735149c8a7ce2586cfcb9db7a158521b1ed9139e69e

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a51ccbe50d3e48a6dbfab565c9cd32eb148afb8134890b8437fb85c2b09d0c74

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 f-white.svg
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/ 257 B
482 B 115ms
114ms Image
image/svg+xml 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/logos/f-white.svg

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

2a7b733b2f19d538893df08b2c194aef1201dbad6ee2ddafc5bcd34cbb482d6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f9702c0-101"
age: 396189, 396189, 396189, 396189
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-2mqj6
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 187
x-served-by: cache-mdw17383-MDW, cache-mdw17369-MDW, cache-fra19124-FRA, cache-fra19149-FRA
access-control-allow-origin: *
last-modified: Mon, 26 Oct 2020 17:09:20 GMT
server: nginx
x-timer: S1604145699.657562,VS0,VE109
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept-Encoding, orig-host
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:29 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes, bytes
x-styx-req-id: 61cde7f8-17d6-11eb-b605-56226c185009
x-cache-hits: 53109, 0, 0, 0

GET
DATA 200
OK truncated
/ 442 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 ajax-loader.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ 363 B
758 B 14ms
14ms Image
image/gif 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ajax-loader.gif

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f6111a2b70adc74b366e13097ef3bc968003d16bbebbd72d324cdb73edb32c36

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/sites/default/files/css/css_WhoczOGTc2OA2SsxDmxyHX1yfT9afvyjUGBkKIJ6SJo.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "ga7U9bAOPM7Oepbue6I1XLSNh+Easwa5vEhZjyyparo"
age: 2009937, 2009937
x-pantheon-styx-hostname: styx-fe3-b-968b66656-kj24t
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=404 idim=43x11 ifmt=gif ofsz=363 odim=43x11 ofmt=gif ofrm=4
status: 200
fastly-stats: io=1
content-length: 363
x-served-by: cache-mdw17335-MDW, cache-mdw17332-MDW, cache-fra19158-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145699.658900,VS0,VE8
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/gif
x-styx-req-id: 15921ec3-0929-11eb-8829-aa9e051c7c3c
expires: Sat, 09 Oct 2021 05:42:42 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-cache-hits: 0, 1, 16, 0

GET
DATA 200
OK truncated
/ 383 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 558 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 356 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 431 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 688 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

eu-cookie-compliance Show response
www.forcepoint.com/ajax/
Redirect Chain

https://www.forcepoint.com/ajax/eu-cookie-compliance/
https://www.forcepoint.com/ajax/eu-cookie-compliance

269 B
3 KB

119ms
118ms

XHR
application/json

2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/ajax/eu-cookie-compliance

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

705625f67416c089ec12f98067511c51064b70b57ee1241ba675a1030d26213c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-eval' .fonts.net analyticsssl.forcepoint.com .licdn.com .tiqcdn.com .marketo.com .marketo.net .mktoresp.com .demdex.net .burly.io .omtrdc.net .llnwd.net .tealiumiq.com .googleadservices.com .marinsm.com .amazonaws.com .quantserve.com .facebook.net .serving-sys.com .google-analytics.com .hirebridge.com .websense.com .bizographics.com .linkedin.com .cloudfront.net .newrelic.com .nr-data.net .adnxs.com .demandbase.com .twitter.com .omtrdc.net .youtube.com static.ads-twitter.com .company-target.com .omniture.com .doubleclick.net .forcepoint.com .google.com .facebook.com bam.nr-data.net maps.gstatic.com .getsmartcontent.com .vidyard.com .adroll.com s.ml-attr.com attr.ml-api.io .driftt.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .gstatic.com .libsyn.com .s3.amazonaws.com .cdnbasket.net ids.cdnwidget.com app.vwo.com .visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .googleapis.com .cloudflare.com activitymap.adobe.com .consensu.org .ubembed.com .bizible.com dmp.theadex.com tag.aumago.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com .tealiumiq.com .google.com .googleadservices.com .doubleclick.net .websense.com .marinsm.com .facebook.com .quantserve.com .google-analytics.com .w55c.net .marketo.com .iasds01.com .linkedin.com .cloudfront.net .forcepoint.com .adnxs.com .twitter.com t.co .omtrdc.net tags.w55c.net .demandbase.com .company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net .newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json .getsmartcontent.com .adroll.com .vidyard.com s.ml-attr.com attr.ml-api.io ml314.com .ml314.com .bing.com .driftt.com .crazyegg.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .googletagmanager.com .visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com .js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com .s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .clearbit.com .googleapis.com .cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js .consensu.org .bizible.com dmp.theadex.com tag.aumago.com ws.zoominfo.com; img-src data: ; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net .mktoresp.com .cdnbasket.net ids.cdnwidget.com .forcepoint.com sample-api-v2.crazyegg.com .visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net .tealiumiq.com live-evercurrent-clone.pantheonsite.io .sharethis.com .doubleclick.net dmp.theadex.com tag.aumago.com google-analytics.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security	max-age=18410000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com dmp.theadex.com tag.aumago.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com dmp.theadex.com tag.aumago.com ws.zoominfo.com; img-src * data: *; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net dmp.theadex.com tag.aumago.com google-analytics.com; report-uri /admin/config/system/seckit/csp-report
content-encoding: gzip
x-content-type-options: nosniff
age: 711, 711, 711
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-ct4b7
x-cache: HIT, MISS, MISS, MISS
status: 200
from-origin: same, https://analyticsssl.forcepoint.com,https://vidyard.com
vary: Accept-Encoding, x-geo-country, orig-host
content-length: 177
etag: W/"1604144988-0"
x-served-by: cache-mdw17337-MDW, cache-mdw17328-MDW, cache-fra19174-FRA, cache-fra19149-FRA
last-modified: Sat, 31 Oct 2020 11:49:48 GMT
server: nginx
x-timer: S1604145699.906758,VS0,VE112
x-frame-options: SAMEORIGIN
date: Sat, 31 Oct 2020 12:01:39 GMT
strict-transport-security: max-age=18410000
content-language: en
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Sun, 19 Nov 1978 05:00:00 GMT
cache-control: public, max-age=1800
accept-ranges: bytes, bytes, bytes
content-type: application/json
x-styx-req-id: 2d541cd0-1b6f-11eb-9708-ae96c617c498
x-drupal-cache: MISS
x-cache-hits: 3, 0, 0, 0

Redirect headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 0, 0, 0, 0
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-2mqj6
x-cache: MISS, MISS, MISS, MISS
status: 301
content-length: 0
x-served-by: cache-mdw17321-MDW, cache-mdw17325-MDW, cache-fra19178-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145699.712300,VS0,VE178
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: x-geo-country, Cookie, orig-host
content-type: text/html; charset=UTF-8
location: https://www.forcepoint.com/ajax/eu-cookie-compliance
expires: Sun, 19 Nov 1978 05:00:00 GMT
cache-control: no-cache, must-revalidate
accept-ranges: bytes, bytes, bytes, bytes
x-styx-req-id: d4f07c31-1b70-11eb-b605-56226c185009
x-drupal-cache: MISS
x-cache-hits: 0, 0, 0, 0

GET
DATA 200
OK truncated
/ 199 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6408a837784b4b1e5bdce4b19d2bb4ff1c08c63eaebfe028bd91a559e7eceb8c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 chosen-sprite.png
www.forcepoint.com/sites/all/libraries/chosen/ 430 B
825 B 13ms
12ms Image
image/webp 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/libraries/chosen/chosen-sprite.png

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/default/files/css/css_faNxbZlG8sYJ1IiqfFXoOTUUnOTNzg59gAMKpmO43D0.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/sites/default/files/css/css_faNxbZlG8sYJ1IiqfFXoOTUUnOTNzg59gAMKpmO43D0.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "zv1lE2Lr9Kk1HzjHcZEB3/uXEUVp6pb4opLSEJON338"
age: 8351619, 8351619
x-pantheon-styx-hostname: styx-fe3-a-745747b57-7tdkd
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=538 idim=52x37 ifmt=png ofsz=430 odim=52x37 ofmt=webp
status: 200
fastly-stats: io=1
content-length: 430
x-served-by: cache-mdw17338-MDW, cache-mdw17331-MDW, cache-fra19127-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145699.723026,VS0,VE7
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/webp
x-styx-req-id: b34d2a01-cf7b-11ea-bd14-6202a924e034
expires: Tue, 27 Jul 2021 20:07:58 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-cache-hits: 1, 1, 18, 0

GET
H2 200 getForm Show response
www.forcepoint.com/index.php/form/ 16 KB
4 KB 767ms
767ms XHR
application/json 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/index.php/form/getForm?munchkinId=018-NKF-008&form=2810&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment

Requested by

Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/forms2.min.js?qitx08

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7fc6a0616e0a7cf3b8abaa2ab6a02147601829c741de3c870ab3df86aec4af5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=63113904
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
access-control-allow-origin: *
x-cache: MISS, MISS
status: 200
content-length: 3805
cf-request-id: 062021efe900000610bb006000000001
x-served-by: cache-fra19140-FRA, cache-fra19149-FRA
server: cloudflare
x-timer: S1604145699.731812,VS0,VE761
date: Sat, 31 Oct 2020 12:01:39 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, orig-host
content-type: application/json; charset=utf-8
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
cf-ray: 5ead38f97aa80610-FRA
x-cache-hits: 0, 0

GET
H2 200 loading.gif
www.forcepoint.com/sites/all/themes/custom/fp/assets/img/ 76 KB
77 KB 12ms
12ms Image
image/gif 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.forcepoint.com/sites/all/themes/custom/fp/assets/img/loading.gif

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

dd0779c9ae69f9d8cd8728663703ce2cc6ec972dc5350a5f6948a15d67fbeea9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
etag: "1jEtdmhYtvyzN6Srr4mLY9uwHnV03vhqrN9WPOrXo7A"
age: 1997011, 1997011
x-pantheon-styx-hostname: styx-fe3-b-968b66656-22vm7
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=80522 idim=200x200 ifmt=gif ofsz=78220 odim=200x200 ofmt=gif ofrm=30
status: 200
fastly-stats: io=1
content-length: 78220
x-served-by: cache-mdw17350-MDW, cache-mdw17325-MDW, cache-fra19179-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145699.740951,VS0,VE6
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept, orig-host
content-type: image/gif
x-styx-req-id: 2d0fc2dd-0947-11eb-bd20-96af033f5235
expires: Sat, 09 Oct 2021 09:18:06 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes
x-cache-hits: 0, 1, 20, 0

GET
H3-Q050 200 s.gif
dev.visualwebsiteoptimizer.com/ 35 B
55 B 137ms
137ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/s.gif?account_id=371490&u=D2C1E3EBCDDFC5F8CAF7C491EC026A2B5&s=1604145697&p=1&ed=%7B%22tO%22%3A%22-1%22%2C%22lt%22%3A%221604145698751%22%2C%22r%22%3A%22%22%2C%22ul%22%3A%22en-us%22%2C%22de%22%3A%22UTF-8%22%2C%22sc%22%3A%2224%22%2C%22sr%22%3A%221600x1200%22%7D&cu=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&r=0&cq=1&vn=7.0.77&vns=undefined&vno=undefined&eTime=1604145697752&random=0.8948419760978252

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 31 Oct 2020 12:01:38 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
status: 200
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H2 200 portal-v2.html
c.sharethis.mgr.consensu.org/ Frame C73A 0
0 47ms
14ms Document
text/html 2600:9000:2093:ba00:c:a9b7:ddc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/portal-v2.html
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/buttons.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2093:ba00:c:a9b7:ddc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: c.sharethis.mgr.consensu.org
:scheme: https
:path: /portal-v2.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg

Response headers

status: 200
content-type: text/html; charset=utf-8
accept-ranges: bytes
content-encoding: gzip
last-modified: Thu, 01 Oct 2020 18:27:43 GMT
cache-control: max-age=3600, public
date: Sat, 31 Oct 2020 11:38:06 GMT
etag: W/"83a-174e56b8518"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 34b26b9570d823536072a91c564a4d8d.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-C1
x-amz-cf-id: 2dw0O_DF2snhz2R-ihwkkPU2hwDio4UsP730xrFonRT8G0fgGRomeg==
age: 1412

GET
H3-Q050 200 worker-70faafffa0475802f5ee03ca5ff74179.js Show response
dev.visualwebsiteoptimizer.com/analysis/ 47 KB
14 KB 117ms
63ms XHR
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/analysis/worker-70faafffa0475802f5ee03ca5ff74179.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/analysis/4.0/opa-56761856850233eb41e36332d7e3cf79.js
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:38 GMT
content-encoding: br
last-modified: Mon, 16 Mar 2020 04:40:32 GMT
server: gfra1
status: 200
etag: "5e6f0340-351f"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13599
via: 1.1 google

GET
H2 200 buttons-secure.css
ws.sharethis.com/button/css/ 23 KB
4 KB 15ms
14ms Stylesheet
text/css 2600:9000:2093:8c00:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/css/buttons-secure.css
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/async-buttons.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2093:8c00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 95dc1b83a7c030dd13ab3e29df921f10e04208b28734f172ea232854264c3b05

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 03:15:04 GMT
content-encoding: gzip
last-modified: Fri, 09 Oct 2020 19:01:02 GMT
server: nginx/1.16.1
age: 31594
etag: "5f80b36e-5a76"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
status: 200
x-amz-cf-pop: HAM50-C1
x-robots-tag: noindex, nofollow
content-length: 3851
via: 1.1 94fcf2ec0b048f48ffbd2e01f16d014c.cloudfront.net (CloudFront)
x-amz-cf-id: TXTpi1W1JDsBKsC0W9HrUiMA4zwu8CIWd_QaZsKyQzGc36ozN_ts5w==

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
340 B 241ms
61ms XHR
text/plain 18.195.43.194
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/pview?event=pview&version=buttons.js&lang=en&sessionID=1604145698616.31225&hostname=www.forcepoint.com&location=%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment&product=widget&fcmp=false&fcmpv2=false&publisher=dr-1a8ea6fe-97f3-ecd7-f9ef-9fd1e2c0c34&bsamesite=true&consentDomain=.consensu.org&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment&title=Phishing%20Scam%20Attacking%20Brazil%27s%20PIX%20Instant%20Payment%20Platform%20%7C%20Forcepoint&sop=false&description=PIX%2C%20a%20new%20instant%20money%20transfer%20service%2C%20is%20being%20launched%20to%20the%20public%20on%2016%20November%202020%20by%20the%20Central%20Bank%20of%20Brazil%20(BCB).%20Forcepoint%20X-Labs%20have%20seen%20several%20email%20phishing%20campaigns%20using%20this%20service%20as%20a%20lure%20to%20steal%20banking%20details%20and%20passwords%20from%20would-be%20victims.
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/buttons.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.43.194 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-43-194.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 31 Oct 2020 12:01:39 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://www.forcepoint.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=8DC067C25245AFA80A490D4C%40AdobeOrg&d_nsid=0&ts=1604145698862
https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=8DC067C25245AFA80A490D4C%40AdobeOrg&d_nsid=0&ts=1604145698862

370 B
1 KB

73ms
73ms

XHR
application/json

52.49.13.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=8DC067C25245AFA80A490D4C%40AdobeOrg&d_nsid=0&ts=1604145698862

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.49.13.247 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-49-13-247.eu-west-1.compute.amazonaws.com

Software

Resource Hash

f05d0eed73b7e81059f4d7939ee5623bf4d1760081678587945ad66e4fe84ce7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v085-09dabb7bc.edge-irl1.demdex.com 5.79.0.20201028125013 2ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: 00k+7NTMTS4=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.forcepoint.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 305
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://www.forcepoint.com
X-TID: BxlZiiTrQA8=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=8DC067C25245AFA80A490D4C%40AdobeOrg&d_nsid=0&ts=1604145698862
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 86 KB
33 KB 221ms
52ms Script
application/x-javascript 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BA7) /
Resource Hash: 4c77b84665a1e6bfb24ec928a1ed9045818099f6a6f2e26e2bb22a560067183f

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
content-encoding: gzip
last-modified: Wed, 28 Oct 2020 21:30:53 GMT
server: ECS (amb/6BA7)
age: 69700
etag: "d6605b9d71add61:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
cache-control: max-age=86400
accept-ranges: bytes
content-length: 33769

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 733
date: Sat, 31 Oct 2020 11:49:25 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Sat, 31 Oct 2020 13:49:25 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 201ms
65ms Script
application/x-javascript 104.89.23.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.23.244 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-23-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 31 Oct 2020 12:01:39 GMT
Content-Encoding: gzip
Last-Modified: Wed, 05 Aug 2020 03:11:00 GMT
Server: AkamaiNetStorage
ETag: "a67ed8ce0a86706b9f73a86806ce5bd3:1596597060.25158"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 965 B
761 B 24ms
11ms Script
application/x-javascript 2a02:26f0:eb:3b4::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:eb:3b4::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 31 Oct 2020 12:01:38 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=33755
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 448

GET
H2 200 / Show response
6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com/ 479 B
615 B 158ms
48ms Script
application/json 151.101.113.131
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com/
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.131 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0424b51f13d400d9eb585e81a203508a431b00ed380f98d390ebc766b30db611

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
content-encoding: br
x-backend-region: eu_west_1
age: 6357
x-amz-apigw-id: VRXkKEV6joEFdbg=
etag: 66239989a1923b65dedc2181e2267b4a-v0.178.1
vary: Accept-Encoding, Referer
x-cache: Miss from cloudfront, HIT
content-type: application/json
status: 200
cache-control: max-age=0, must-revalidate
x-amz-cf-pop: FRA2-C1
accept-ranges: none
access-control-allow-origin: *

GET
H2 200 bt3rzfauhdaf.js Show response
js.driftt.com/include/1604145900000/ 137 KB
45 KB 331ms
196ms Script
application/javascript 52.85.32.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1604145900000/bt3rzfauhdaf.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.85.32.71 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-85-32-71.ham50.r.cloudfront.net

Software

nginx /

Resource Hash

7bc1dc7d2a673a36a6e7b3d26c7fd8f5cc42d8b2d41a98e4de2a5ebdaaea9bf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
content-encoding: gzip
x-amz-cf-pop: HAM50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 13 Oct 2020 15:05:22 GMT
server: nginx
etag: W/"a48548cec5608126b24de4cbfe9bfb8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
via: 1.1 fac4016d40efb9989ddc8d36322eeefc.cloudfront.net (CloudFront)
cache-control: max-age=10
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: UjdtvMc3HdlTwq6y1Osyr2GugD4BHFaywcHq5N9sfsZvRw-FceU8ow==

GET
H2

200

oct.js Show response
static.ads-twitter.com/
Redirect Chain

https://platform.twitter.com/oct.js
https://static.ads-twitter.com/oct.js

5 KB
2 KB

155ms
53ms

Script
application/javascript

151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/oct.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
content-encoding: gzip
age: 52139
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1958
x-served-by: cache-hhn4083-HHN
last-modified: Wed, 21 Oct 2020 21:46:56 GMT
x-timer: S1604145699.038790,VS0,VE0
etag: "a4cc3f907681b24a3efd540acd5d2996+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

Redirect headers

x-tw-cdn: VZ
Date: Sat, 31 Oct 2020 12:01:38 GMT
Server: ECS (fcn/41A2)
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Location: https://static.ads-twitter.com/oct.js
Content-Length: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
37 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9839411

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c5b4d853430d5557c3ed99dbd1780a198e25e0b6afa960beb3ddf2cb9806df98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:38 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38202
x-xss-protection: 0
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 31 Oct 2020 12:01:38 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 39 KB
13 KB 173ms
58ms Script
text/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 68253ec054bea4b6ab38323bec24b592d9f2d685adcd63a7c1271ea27d7740ed

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: zrbPOMMu6ynl1D1pSi_Kb.TcYsdwZuQo
Content-Encoding: gzip
ETag: "b538cefd8a74513baa32666f5ad3b307"
x-amz-request-id: 0A38A3A1DF99BE44
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 12342
x-amz-id-2: WFMpWYMSbopkv8KPwoHIvoJsHaRMYkAw1hhvQ9zBvX6AF7ZuOEdWs2er01F8VZTEi1WH2hmLr1E=
Last-Modified: Wed, 28 Oct 2020 15:33:38 GMT
Server: AmazonS3
Date: Sat, 31 Oct 2020 12:01:39 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 88 KB
23 KB 20ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 23070
x-xss-protection: 0
pragma: public
x-fb-debug: 3K9oXxncv5QdnRyZq4dL+T2A/jUWdJHrMTFzifyan/ss1GN4oJhRRNP/EJavBDHyhX5yc9oTkkeQva/lzOwOVQ==
x-fb-trip-id: 780166575
x-frame-options: DENY
date: Sat, 31 Oct 2020 12:01:38 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 163ms
53ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
content-encoding: gzip
age: 52143
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1958
x-served-by: cache-hhn4083-HHN
last-modified: Wed, 21 Oct 2020 21:46:56 GMT
x-timer: S1604145699.038814,VS0,VE0
etag: "a4cc3f907681b24a3efd540acd5d2996+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 adex.js Show response
dmp.theadex.com/d/506/3014/s/ 40 KB
14 KB 202ms
57ms Script
application/javascript 89.163.159.103
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://dmp.theadex.com/d/506/3014/s/adex.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.163.159.103 Cloppenburg, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx /
Resource Hash: 2d6b3f3c5ff369d4df14f16820d8300a5c57ea938bc1f932421a5d6241f9e568

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
content-encoding: gzip
last-modified: Fri, 09 Oct 2020 07:26:02 GMT
server: nginx
etag: W/"5f80108a-a1c8"
content-type: application/javascript
status: 200
cache-control: max-age=300
access-control-allow-credentials: true
expires: Sat, 31 Oct 2020 12:06:39 GMT

GET
H2 200 2NSeEr5qA0s0pJTc3vV6 Show response
ws.zoominfo.com/pixel/ 0
722 B 402ms
367ms Script
text/javascript 2606:4700::6810:650c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/2NSeEr5qA0s0pJTc3vV6

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-powered-by: Express
status: 200
content-length: 0
cf-request-id: 062021f07e000064cdd48eb000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 5ead38fa6be964cd-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
202 B 54ms
53ms Script
application/x-javascript 104.111.215.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=websense/forcepoint-2018/202010302225&cb=1604145698886
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.215.136 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-136.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:38 GMT
last-modified: Thu, 14 Apr 2016 16:57:51 GMT
server: AkamaiNetStorage
etag: "7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type: application/x-javascript
status: 200
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Sat, 31 Oct 2020 12:11:38 GMT

GET
H2

200

/
px.ads.linkedin.com/collect/
Redirect Chain

https://px.ads.linkedin.com/collect/?pid=2141257&fmt=gif&_rnd=0.7805006511535972
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Fpid%3D2141257%26fmt%3Dgif%26_rnd%3D0.7805006511535972%26liSync%3Dtrue
https://px.ads.linkedin.com/collect/?pid=2141257&fmt=gif&_rnd=0.7805006511535972&liSync=true

43 B
115 B

177ms
176ms

Image
image/gif

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect/?pid=2141257&fmt=gif&_rnd=0.7805006511535972&liSync=true
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
content-encoding: gzip
server: Play
linkedin-action: 1
vary: Accept-Encoding
content-type: image/gif
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-length: 65
x-li-uuid: Ve0FuQMSQxaQtzTtBCsAAA==
x-li-fabric: prod-lor1

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: OsYIsgMSQxZgM9qUGSsAAA==
pragma: no-cache
x-li-pop: afd-prod-lor1
x-msedge-ref: Ref A: 63DF85C0F7324D1D9354B0A9B6DEE76F Ref B: FRAEDGE0720 Ref C: 2020-10-31T12:01:39Z
x-frame-options: sameorigin
date: Sat, 31 Oct 2020 12:01:39 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect/?pid=2141257&fmt=gif&_rnd=0.7805006511535972&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

/
px.ads.linkedin.com/collect/
Redirect Chain

https://px.ads.linkedin.com/collect/?pid=1681282&fmt=gif&_rnd=0.12172970628279156
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Fpid%3D1681282%26fmt%3Dgif%26_rnd%3D0.12172970628279156%26liSync%3Dtrue
https://px.ads.linkedin.com/collect/?pid=1681282&fmt=gif&_rnd=0.12172970628279156&liSync=true

43 B
145 B

177ms
177ms

Image
image/gif

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect/?pid=1681282&fmt=gif&_rnd=0.12172970628279156&liSync=true
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
content-encoding: gzip
server: Play
linkedin-action: 1
vary: Accept-Encoding
content-type: image/gif
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-length: 65
x-li-uuid: f+OVuAMSQxYwXwNpBCsAAA==
x-li-fabric: prod-lor1

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: MecQsgMSQxYAmyjv5ioAAA==
pragma: no-cache
x-li-pop: afd-prod-lor1
x-msedge-ref: Ref A: FAE62CDB63CE4071BFDAE36FD82C7F11 Ref B: FRAEDGE0720 Ref C: 2020-10-31T12:01:39Z
x-frame-options: sameorigin
date: Sat, 31 Oct 2020 12:01:39 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect/?pid=1681282&fmt=gif&_rnd=0.12172970628279156&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 34ms
20ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 11:02:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 3535
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Sat, 31 Oct 2020 12:02:43 GMT

GET
H/1.1 200
OK insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 18ms
17ms Script
application/x-javascript 2a02:26f0:eb:3b4::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:eb:3b4::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 31 Oct 2020 12:01:39 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=29159
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1799

GET
H2 200 168348421119586 Show response
connect.facebook.net/signals/config/ 234 KB
69 KB 55ms
54ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/168348421119586?v=2.9.27&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fe1204692b14773ce1f8a8b10ca5334c73331ef62739c0165e9877e5e89b62d3

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-trip-id: 780166575
pragma: public
x-fb-debug: /O/Ed2rqZnm3MRUIcd+GlZJOvJ/g1hT9OR+xKeMh5PjBudVmoB8uOpfrEKLLNkES1ZidNAP+4QF8RhpyvoU0ZQ==
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: DENY
date: Sat, 31 Oct 2020 12:01:38 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public, max-age=1200
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
vary: Accept-Encoding
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
90 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c01::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-72298027-1&cid=525731311.1604145699&jid=1113171566&gjid=1329937461&_gid=31653433.1604145699&_u=KGBAgAAjAAAAAE~&z=1313522566

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c01::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 31 Oct 2020 12:01:38 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://www.forcepoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
221 B 6ms
6ms Image
image/gif 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1100008638&t=pageview&_s=1&dl=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&ul=en-us&de=UTF-8&dt=Phishing%20Scam%20Attacking%20Brazil%27s%20PIX%20Instant%20Payment%20Platform%20%7C%20Forcepoint&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KGBAgAAj~&jid=1113171566&gjid=1329937461&cid=525731311.1604145699&tid=UA-72298027-1&_gid=31653433.1604145699&z=1686867175

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 31 Oct 2020 03:14:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 31643
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
106 B 20ms
19ms Image
image/gif 2a00:1450:4001:81a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-72298027-1&cid=525731311.1604145699&jid=1113171566&_u=KGBAgAAjAAAAAE~&z=1800240596

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 31 Oct 2020 12:01:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
106 B 18ms
18ms Image
image/gif 2a00:1450:4001:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-72298027-1&cid=525731311.1604145699&jid=1113171566&_u=KGBAgAAjAAAAAE~&z=1800240596

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 31 Oct 2020 12:01:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 529994084364752 Show response
connect.facebook.net/signals/config/ 234 KB
68 KB 55ms
55ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/529994084364752?v=2.9.27&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

527ce22593bfcd6e20caa955f7f3ee14538001d5077c5f24d3bd52a31b36dd34

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-trip-id: 780166575
pragma: public
x-fb-debug: LJhw6TPDbRKEftTm8HDPbDSnYpMXmpB103eoPOC5s3qc7CMUtQrQXBLxpDfJvQxm8jGyxQ5clulmgZxt3E7BIA==
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: DENY
date: Sat, 31 Oct 2020 12:01:39 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public, max-age=1200
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
vary: Accept-Encoding
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
377 B 20ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=168348421119586&ev=PageView&dl=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&rl=&if=false&ts=1604145698999&sw=1600&sh=1200&v=2.9.27&r=stable&a=tmtealium&ec=0&o=30&fbp=fb.1.1604145698998.808778360&it=1604145698917&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Sat, 31 Oct 2020 12:01:39 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
212 B 19ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=168348421119586&ev=PageView&dl=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&rl=&if=false&ts=1604145699001&sw=1600&sh=1200&v=2.9.27&r=stable&a=tmtealium&ec=1&o=30&fbp=fb.1.1604145698998.808778360&it=1604145698917&coo=false&tm=1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Sat, 31 Oct 2020 12:01:39 GMT

GET
H2 200 bundle.js Show response
assets.ubembed.com/universalscript/releases/v0.178.1/ 162 KB
163 KB 175ms
59ms Script
application/javascript 99.86.2.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ubembed.com/universalscript/releases/v0.178.1/bundle.js
Requested by: Host: 6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com
URL: https://6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.2.19 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-2-19.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: df25786bc3951d78d0f763a2a75a1f33b01b8ae2a5157831d2cf4d0348c2ede7

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 20 Oct 2020 06:09:38 GMT
via: 1.1 d357d5d597708d2b41e0fea397aa2620.cloudfront.net (CloudFront)
last-modified: Wed, 11 Dec 2019 22:14:50 GMT
server: AmazonS3
age: 971522
etag: "2c662c7609e2ae1af50939453dcb717e"
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 165971
x-amz-cf-id: dswWov-G1rYLZ0CfiN7ZY0MXK0lEr_6QRdAngaAupfxMoetc-yPO2Q==

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/2GRHXEZSJNFRTPMEC6ZM2B/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

58ms
58ms

Script
application/javascript

23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 2U8XMvdFINXJNFsilaXONuSvqmREKV3.
Content-Encoding: gzip
ETag: "5816cced8568d223aa09d889f300692b"
x-amz-request-id: 0A9DFB41B15EF3A2
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 48
x-amz-id-2: 9wtYzl8isf76a+KTcCc0hWCh/ZKrxXSL0KsmsoDDvS1VGgWl/GxdSe7DtPnOmbh4BH+84jF1nEY=
Last-Modified: Fri, 31 Jul 2020 16:11:15 GMT
Server: AmazonS3
Date: Sat, 31 Oct 2020 12:01:39 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Sat, 31 Oct 2020 12:01:39 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/2GRHXEZSJNFRTPMEC6ZM2B/GCI6D323NJAJFLW5TKGUK5/ 1 KB
1 KB 176ms
57ms Script
text/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/2GRHXEZSJNFRTPMEC6ZM2B/GCI6D323NJAJFLW5TKGUK5/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: OVeEHCzot5zwJ1rOdWTy50PDN.FdzYEq
Content-Encoding: gzip
ETag: "3996d65282dd996ee0d7d4c90c139158"
x-amz-request-id: 3F71902D709C1B24
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 635
x-amz-id-2: xnA1xxLgoFva0hWAF6tQN9b6JNGwdJgaWjNnIBnMqSf2QoZgQ6QiGMIm9p5BbpXmEqCXY1+mCpc=
Last-Modified: Fri, 30 Oct 2020 19:16:56 GMT
Server: AmazonS3
Date: Sat, 31 Oct 2020 12:01:39 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/2GRHXEZSJNFRTPMEC6ZM2B/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/2GRHXEZSJNFRTPMEC6ZM2B?_s=44668d92733a4aa01018e96e91e19661&_b=2
https://d.adroll.com/consent/check/2GRHXEZSJNFRTPMEC6ZM2B/?_s=44668d92733a4aa01018e96e91e19661&_b=2

385 B
477 B

74ms
73ms

Script
application/javascript

3.248.28.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/2GRHXEZSJNFRTPMEC6ZM2B/?_s=44668d92733a4aa01018e96e91e19661&_b=2
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.28.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-28-111.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: bd9366d5f8562dbff7f7836ab4cff0f952b09676b9ce9dd158d556eed5085319

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Sat, 31 Oct 2020 12:01:39 GMT
server: nginx/1.18.0
content-length: 385
content-type: application/javascript

Redirect headers

status: 302
date: Sat, 31 Oct 2020 12:01:39 GMT
server: nginx/1.18.0
content-length: 105
location: https://d.adroll.com/consent/check/2GRHXEZSJNFRTPMEC6ZM2B/?_s=44668d92733a4aa01018e96e91e19661&_b=2

GET
H2 200 adsct
t.co/i/ 43 B
448 B 278ms
166ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=l6a6s&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 113
pragma: no-cache
last-modified: Sat, 31 Oct 2020 12:01:39 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: b37cc09447ba46960d5634903ad172cf
x-transaction: 00e8ed8a00266c6e
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
124 B 163ms
162ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o3qcd&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 110
pragma: no-cache
last-modified: Sat, 31 Oct 2020 12:01:39 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: b37cc09447ba46960d5634903ad172cf
x-transaction: 00df049b0016acce
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 7ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=529994084364752&ev=PageView&dl=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&rl=&if=false&ts=1604145699071&sw=1600&sh=1200&v=2.9.27&r=stable&a=tmtealium&ec=0&o=30&fbp=fb.1.1604145698998.808778360&it=1604145698917&coo=false&tm=1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Sat, 31 Oct 2020 12:01:39 GMT

GET
H/1.1 204
No Content pview
l.sharethis.com/ 0
315 B 62ms
61ms Image
text/plain 18.195.43.194
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.sharethis.com/pview?event=pview&version=buttons.js&lang=en&sessionID=1604145698616.31225&hostname=www.forcepoint.com&location=%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment&product=widget&fcmp=false&fcmpv2=false&publisher=dr-1a8ea6fe-97f3-ecd7-f9ef-9fd1e2c0c34&bsamesite=true&consentDomain=.consensu.org&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment&title=Phishing%20Scam%20Attacking%20Brazil%27s%20PIX%20Instant%20Payment%20Platform%20%7C%20Forcepoint&sop=false&description=PIX%2C%20a%20new%20instant%20money%20transfer%20service%2C%20is%20being%20launched%20to%20the%20public%20on%2016%20November%202020%20by%20the%20Central%20Bank%20of%20Brazil%20(BCB).%20Forcepoint%20X-Labs%20have%20seen%20several%20email%20phishing%20campaigns%20using%20this%20service%20as%20a%20lure%20to%20steal%20banking%20details%20and%20passwords%20from%20would-be%20victims.&gdpr_domain=.consensu.org&gdpr_domain_v1=.consensu.org&description=PIX%2C%20a%20new%20instant%20money%20transfer%20service%2C%20is%20being%20launched%20to%20the%20public%20on%2016%20November%202020%20by%20the%20Central%20Bank%20of%20Brazil%20(BCB).%20Forcepoint%20X-Labs%20have%20seen%20several%20email%20phishing%20campaigns%20using%20this%20service%20as%20a%20lure%20to%20steal%20banking%20details%20and%20passwords%20from%20would-be%20victims.&img_pview=true
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.43.194 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-43-194.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 31 Oct 2020 12:01:39 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/155/ 9 KB
4 KB 66ms
66ms Script
application/x-javascript 104.89.23.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/155/munchkin.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/js/munchkin.js?qitx08
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.89.23.244 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-23-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 31 Oct 2020 12:01:39 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Nov 2018 03:18:20 GMT
Server: AkamaiNetStorage
ETag: "c67dad42946949112916578f78706df8:1543547900"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3923
Expires: Mon, 08 Feb 2021 12:01:39 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=258729&time=1604145699085&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D8897...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D258729%26time%3D1604145699085%26url%3Dhttps%253A%252F%252Fwww.forcepoint.com%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=258729&time=1604145699085&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D8897...

0
58 B

180ms
179ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=258729&time=1604145699085&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&liSync=true
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: LTeVuQMSQxawX2oCBSsAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: jj+rsgMSQxZgiAL0HisAAA==
pragma: no-cache
x-li-pop: afd-prod-lor1
x-msedge-ref: Ref A: 8D5967F795A94331806636428FF5E4E8 Ref B: FRAEDGE0720 Ref C: 2020-10-31T12:01:39Z
x-frame-options: sameorigin
date: Sat, 31 Oct 2020 12:01:39 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=258729&time=1604145699085&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
303 B 62ms
62ms Image
image/gif 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=c31f421def584587e2f225b839c60ba2&_biz_s=2380a2&_biz_l=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&_biz_t=1604145699141&_biz_i=Phishing%20Scam%20Attacking%20Brazil%27s%20PIX%20Instant%20Payment%20Platform%20%7C%20Forcepoint%20&_biz_n=0&rnd=774552&cdn_o=a&_biz_z=1604145699143
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B75) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 31 Oct 2020 12:01:39 GMT
last-modified: Fri, 30 Oct 2020 01:57:57 GMT
server: ECS (amb/6B75)
age: 122623
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 kvp
cdn.bizible.com/m/ 43 B
202 B 63ms
62ms Image
image/gif 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/kvp?data=%7B%22ABTest%22%3A%5B%7B%22Exp%22%3A%7B%22Name%22%3A%22Heatmap%22%2C%22Id%22%3A%223%22%7D%2C%22Var%22%3A%7B%22Name%22%3A%22website%22%2C%22Id%22%3A%221%22%7D%2C%22U%22%3A%22D2C1E3EBCDDFC5F8CAF7C491EC026A2B5%22%7D%2C%7B%22Exp%22%3A%7B%22Name%22%3A%22Visitor%20Sessions%20Recorded%22%2C%22Id%22%3A%224%22%7D%2C%22Var%22%3A%7B%22Name%22%3A%22website%22%2C%22Id%22%3A%221%22%7D%2C%22U%22%3A%22D2C1E3EBCDDFC5F8CAF7C491EC026A2B5%22%7D%5D%7D&_biz_u=c31f421def584587e2f225b839c60ba2&_biz_s=2380a2&_biz_l=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&_biz_t=1604145699147&_biz_i=Phishing%20Scam%20Attacking%20Brazil%27s%20PIX%20Instant%20Payment%20Platform%20%7C%20Forcepoint%20&_biz_n=1&rnd=316197&cdn_o=a&_biz_z=1604145699147
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BC1) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 31 Oct 2020 12:01:39 GMT
last-modified: Fri, 30 Oct 2020 03:40:17 GMT
server: ECS (amb/6BC1)
age: 116482
x-cache: HIT
content-type: Image/GIF
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
203 B 61ms
54ms Image
image/gif 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=c31f421def584587e2f225b839c60ba2&_biz_s=2380a2&_biz_l=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&_biz_t=1604145699148&_biz_i=Phishing%20Scam%20Attacking%20Brazil%27s%20PIX%20Instant%20Payment%20Platform%20%7C%20Forcepoint%20&rnd=306644&cdn_o=a&_biz_z=1604145699148
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B97) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 31 Oct 2020 12:01:39 GMT
last-modified: Fri, 30 Oct 2020 00:53:38 GMT
server: ECS (amb/6B97)
age: 126481
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2

200

trace.js Show response
dmp.theadex.com/
Redirect Chain

https://dmp.theadex.com/trace.js?adex_consent=1
https://dmp.theadex.com/trace.js?adex_consent=1&axd_sc=4242187299944203886

500 B
660 B

59ms
59ms

Script
application/javascript

89.163.159.103
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://dmp.theadex.com/trace.js?adex_consent=1&axd_sc=4242187299944203886
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.163.159.103 Cloppenburg, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx /
Resource Hash: b88527b4a378e77198361dc5fa758412e724408c6e67810ee46a4feaf784d765

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 31 Oct 2020 12:01:39 GMT
server: nginx
content-type: application/javascript
status: 200
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-length: 500
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 31 Oct 2020 12:01:39 GMT
server: nginx
status: 303
p3p: CP="CAO PSAa PSDa IVAa IVDa OUR UNI COM NAV"
location: ?adex_consent=1&axd_sc=4242187299944203886
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-length: 0
expires: 0

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
550 B 162ms
162ms Script
text/javascript 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/xdc.js?_biz_u=c31f421def584587e2f225b839c60ba2&_biz_h=-1906410348&cdn_o=a&jsVer=4.20.08.28
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BBB) /
Resource Hash: 83f2707a8b9dc77747362d11f7b953bd96078ad44a3c941e59fab15dfe43f464

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:38 GMT
content-encoding: gzip
server: ECS (amb/6BBB)
etag: E8DDF081
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: private, must-revalidate, max-age=21600
content-type: text/javascript; charset=utf-8
content-length: 218

GET
H/1.1 200
OK Cookie set dest5.html
websenseinc.demdex.net/ Frame 2DFF 0
0 284ms
70ms Document
text/html 52.30.78.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://websenseinc.demdex.net/dest5.html?d_nsid=0

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.78.155 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-78-155.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: websenseinc.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=80163706604152596043228259883618134069
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Thu, 29 Oct 2020 14:03:10 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=80163706604152596043228259883618134069;Path=/;Domain=.demdex.net;Expires=Thu, 29-Apr-2021 12:01:39 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: 2Pf9mufFSc4=
Content-Length: 2785
Connection: keep-alive

GET
H2 200 id Show response
analyticsssl.forcepoint.com/ 48 B
512 B 268ms
65ms XHR
application/x-javascript 15.237.76.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://analyticsssl.forcepoint.com/id?d_visid_ver=4.1.0&d_fieldgroup=A&mcorgid=8DC067C25245AFA80A490D4C%40AdobeOrg&mid=73364873433289014352747965123646526170&ts=1604145699232

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.237.76.117 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-237-76-117.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

89b80fdf0cc481462ffa2bf5790768cf1513cb4230f88593fc82a7a4e8823253

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Sat, 31 Oct 2020 12:01:39 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-f7bfdfcfd-j75s7
vary: Origin
x-c: master-1404.I1e61f9.M0-468
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.forcepoint.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=X51SIwAAB-fWzBTJ
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=80163706604152596043228259883618134069
https://dpm.demdex.net/ibs:dpid=411&dpuuid=X51SIwAAB-fWzBTJ

42 B
915 B

73ms
73ms

Image
image/gif

52.49.13.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=X51SIwAAB-fWzBTJ

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.49.13.247 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-49-13-247.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v085-0727be8c2.edge-irl1.demdex.com 5.79.0.20201028125013 1ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: WshJ+d/6QMk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Sat, 31 Oct 2020 12:01:39 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=X51SIwAAB-fWzBTJ
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H2 200 /
dmp.theadex.com/r/506/3014/ Frame C353 0
0 58ms
58ms Document
text/html 89.163.159.103
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://dmp.theadex.com/r/506/3014/?c=4242187299944203886&adex_consent=1&adex_consent_origin=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&adex_consent_checked=1604145699
Requested by: Host: dmp.theadex.com
URL: https://dmp.theadex.com/d/506/3014/s/adex.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.163.159.103 Cloppenburg, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: dmp.theadex.com
:scheme: https
:path: /r/506/3014/?c=4242187299944203886&adex_consent=1&adex_consent_origin=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&adex_consent_checked=1604145699
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: axd=4242187299944203886
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg

Response headers

status: 200
server: nginx
date: Sat, 31 Oct 2020 12:01:39 GMT
content-type: text/html; charset=UTF-8
p3p: CP="CAO PSA OUR"
access-control-allow-credentials: true
content-encoding: gzip

GET
BLOB 200
OK d746cc27-671f-4469-8439-58ced7cd6dd9
https://www.forcepoint.com/ 47 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.forcepoint.com/d746cc27-671f-4469-8439-58ced7cd6dd9
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 47679
Content-Type: text/javascript

GET
H/1.1 200
OK visitWebPage Show response
018-nkf-008.mktoresp.com/webevents/ 2 B
311 B 695ms
135ms XHR
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://018-nkf-008.mktoresp.com/webevents/visitWebPage?_mchNc=1604145699360&_mchCn=&_mchId=018-NKF-008&_mchTk=_mch-forcepoint.com-1604145699359-26050&_mchHo=www.forcepoint.com&_mchPo=&_mchRu=%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment&_mchPc=https%3A&_mchVr=155&_mchHa=&_mchRe=&_mchQp=_hsmi%3D88974744__-___hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 31 Oct 2020 12:01:39 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 4dcf5188-3d93-4b59-81ac-6f1f92db650a

GET
H/1.1 200
OK consent_tcfv2.js Show response
s.adroll.com/j/ 396 KB
55 KB 64ms
63ms Script
application/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent_tcfv2.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1e8c2c1c69e177db8aab839264b26577c44af29b75cc4edb25b5021b0b4538e3

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: RrXoTAgO8kW4lHaNUHggiN0CFoNQqBuA
Content-Encoding: gzip
ETag: "14827d9b396da2c054681d43b60bfefa"
x-amz-request-id: 75FD1CF45B5DC603
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 55061
x-amz-id-2: 87Hntk1FQ9KerNTzh7kaTiGto6MGiLc0tqz1MqvwTE4/+GFSHUx4QutWa2o433BEieeasynzIjM=
Last-Modified: Wed, 21 Oct 2020 17:43:14 GMT
Server: AmazonS3
Date: Sat, 31 Oct 2020 12:01:39 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

forms2.css
www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/
Redirect Chain

https://www.forcepoint.com/js/forms2/css/forms2.css
https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css

13 KB
3 KB

128ms
125ms

Stylesheet
text/css

2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f96c56f-33f8"
age: 396188, 396188, 396188, 396188, 396188
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-7wjkb
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 3158
x-served-by: cache-mdw17373-MDW, cache-mdw17322-MDW, cache-fra19162-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 12:47:43 GMT
server: nginx
x-timer: S1604145700.635822,VS0,VE119
date: Sat, 31 Oct 2020 12:01:39 GMT
vary: Accept-Encoding, orig-host
content-type: text/css
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:32 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes, bytes, bytes
x-styx-req-id: 63395879-17d6-11eb-a160-e6110f627779
x-cache-hits: 75185, 0, 0, 0

Redirect headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
age: 47055, 47055, 47055, 47055
x-cache: HIT, MISS, MISS, MISS
status: 301
x-cache-hits: 148, 0, 0, 0
content-length: 0
x-served-by: cache-mdw17368-MDW, cache-mdw17324-MDW, cache-fra19179-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145700.503265,VS0,VE115
date: Sat, 31 Oct 2020 12:01:39 GMT
vary: x-geo-country, Cookie, orig-host
content-type: text/html; charset=UTF-8
location: https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css
cache-control: public, max-age=86400
accept-ranges: bytes, bytes, bytes, bytes
x-styx-req-id: 464c6320-1b03-11eb-9708-ae96c617c498
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-ct4b7

GET
H2

200

forms2.css
www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/
Redirect Chain

https://www.forcepoint.com/js/forms2/css/forms2-theme-simple.css
https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css

13 KB
3 KB

286ms
283ms

Stylesheet
text/css

2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"5f96c56f-33f8"
age: 396188, 396188
x-pantheon-styx-hostname: styx-fe3-b-6776458c68-7wjkb
x-cache: HIT, MISS, MISS, MISS
status: 200
content-length: 3158
x-served-by: cache-mdw17373-MDW, cache-mdw17347-MDW, cache-fra19149-FRA, cache-fra19149-FRA
last-modified: Mon, 26 Oct 2020 12:47:43 GMT
server: nginx
x-timer: S1604145700.636756,VS0,VE278
date: Sat, 31 Oct 2020 12:01:39 GMT
vary: Accept-Encoding, orig-host
content-type: text/css
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Wed, 27 Oct 2021 21:58:32 GMT
cache-control: max-age=31622400
accept-ranges: bytes, bytes, bytes
x-styx-req-id: 63395879-17d6-11eb-a160-e6110f627779
x-cache-hits: 75186, 0, 0, 0

Redirect headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
age: 47055, 47055, 47055
x-cache: HIT, MISS, MISS, MISS
status: 301
x-cache-hits: 145, 0, 0, 0
content-length: 0
x-served-by: cache-mdw17365-MDW, cache-mdw17362-MDW, cache-fra19180-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145700.504304,VS0,VE117
date: Sat, 31 Oct 2020 12:01:39 GMT
vary: x-geo-country, Cookie, orig-host
content-type: text/html; charset=UTF-8
location: https://www.forcepoint.com/sites/all/modules/features/feature_ws_marketo/css/forms2.css
cache-control: public, max-age=86400
accept-ranges: bytes, bytes, bytes
x-styx-req-id: 4657ab89-1b03-11eb-87e4-8e589cac6792
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-4g68v

GET
H2 200 s24638416891629
analyticsssl.forcepoint.com/b/ss/websense-fp-prod/1/JS-2.12.0/ 43 B
331 B 67ms
66ms Image
image/gif 15.237.76.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analyticsssl.forcepoint.com/b/ss/websense-fp-prod/1/JS-2.12.0/s24638416891629?AQB=1&ndh=1&pf=1&t=31%2F9%2F2020%2013%3A1%3A39%206%20-60&sdid=6841B10F19176AD9-503B8F62E77356EB&mid=73364873433289014352747965123646526170&aamlh=6&ce=UTF-8&pageName=fp%3Ablog%3Ax%20labs%3Aphishing%20scam%20attacking%20brazil%20pix%20instant%20payment&g=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&cc=USD&ch=blog&server=www.forcepoint.com&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=blog%20article&v1=blog%20article&v2=blog&l2=Heatmap%3Awebsite%2CVisitor%20Sessions%20Recorded%3Awebsite&c3=blog%3Ax%20labs&v3=blog%3Ax%20labs&v4=D%3DpageName&v9=de&v10=emea%20-%20europe%2C%20middle%20east%20and%20africa&v11=english&c15=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment&v18=no%20value&c20=3726&c21=2.12.0&c22=fp%3Aus%3Ablog%3Ax%20labs%3Aphishing%20scam%20attacking%20brazil%20pix%20instant%20payment&v34=x%20labs&v35=cybercriminals%20exploit%20brazil%E2%80%99s%20pix%20instant%20payment%20platform%20in%20new%20phishing%20attack&v36=ben%20gibney&v37=2020-10-30&v47=D%3Dg&v50=D%3Dc15&v63=fp%3Aus%3Ablog%3Ax%20labs%3Aphishing%20scam%20attacking%20brazil%20pix%20instant%20payment&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=8DC067C25245AFA80A490D4C%40AdobeOrg&AQE=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.237.76.117 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-237-76-117.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:39 GMT
x-content-type-options: nosniff
x-c: master-1404.I1e61f9.M0-468
p3p: CP="This is not a P3P policy"
status: 200
vary: *
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Sun, 01 Nov 2020 12:01:39 GMT
server: jag
xserver: anedge-f7bfdfcfd-gv44j
etag: 3444876657697325056-4621792099749686258
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Fri, 30 Oct 2020 12:01:39 GMT

POST
H2 200 csp-report
www.forcepoint.com/admin/config/system/seckit/ 0
3 KB 361ms
361ms Other
text/html 2a04:4e42:600::740
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.forcepoint.com/admin/config/system/seckit/csp-report

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::740 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: 'unsafe-inline' 'unsafe-eval' .fonts.net analyticsssl.forcepoint.com .licdn.com .tiqcdn.com .marketo.com .marketo.net .mktoresp.com .demdex.net .burly.io .omtrdc.net .llnwd.net .tealiumiq.com .googleadservices.com .marinsm.com .amazonaws.com .quantserve.com .facebook.net .serving-sys.com .google-analytics.com .hirebridge.com .websense.com .bizographics.com .linkedin.com .cloudfront.net .newrelic.com .nr-data.net .adnxs.com .demandbase.com .twitter.com .omtrdc.net .youtube.com static.ads-twitter.com .company-target.com .omniture.com .doubleclick.net .forcepoint.com .google.com .facebook.com bam.nr-data.net maps.gstatic.com .getsmartcontent.com .vidyard.com .adroll.com s.ml-attr.com attr.ml-api.io .driftt.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .gstatic.com .libsyn.com .s3.amazonaws.com .cdnbasket.net ids.cdnwidget.com app.vwo.com .visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .googleapis.com .cloudflare.com activitymap.adobe.com .consensu.org .ubembed.com .bizible.com dmp.theadex.com tag.aumago.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com .tealiumiq.com .google.com .googleadservices.com .doubleclick.net .websense.com .marinsm.com .facebook.com .quantserve.com .google-analytics.com .w55c.net .marketo.com .iasds01.com .linkedin.com .cloudfront.net .forcepoint.com .adnxs.com .twitter.com t.co .omtrdc.net tags.w55c.net .demandbase.com .company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net .newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json .getsmartcontent.com .adroll.com .vidyard.com s.ml-attr.com attr.ml-api.io ml314.com .ml314.com .bing.com .driftt.com .crazyegg.com .sharethis.com .vimeo.com .slideshare.net .techvalidate.com .gartner.com .googletagmanager.com .visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com .js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com .s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io .clearbit.com .googleapis.com .cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js .consensu.org .bizible.com dmp.theadex.com tag.aumago.com ws.zoominfo.com; img-src data: ; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net .mktoresp.com .cdnbasket.net ids.cdnwidget.com .forcepoint.com sample-api-v2.crazyegg.com .visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net .tealiumiq.com live-evercurrent-clone.pantheonsite.io .sharethis.com .doubleclick.net dmp.theadex.com tag.aumago.com google-analytics.com; report-uri /admin/config/system/seckit/csp-report
Strict-Transport-Security	max-age=18410000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.fonts.net analyticsssl.forcepoint.com *.licdn.com *.tiqcdn.com *.marketo.com *.marketo.net *.mktoresp.com *.demdex.net *.burly.io *.omtrdc.net *.llnwd.net *.tealiumiq.com *.googleadservices.com *.marinsm.com *.amazonaws.com *.quantserve.com *.facebook.net *.serving-sys.com *.google-analytics.com *.hirebridge.com *.websense.com *.bizographics.com *.linkedin.com *.cloudfront.net *.newrelic.com *.nr-data.net *.adnxs.com *.demandbase.com *.twitter.com *.omtrdc.net *.youtube.com static.ads-twitter.com *.company-target.com *.omniture.com *.doubleclick.net *.forcepoint.com *.google.com *.facebook.com bam.nr-data.net maps.gstatic.com *.getsmartcontent.com *.vidyard.com *.adroll.com s.ml-attr.com attr.ml-api.io *.driftt.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.gstatic.com *.libsyn.com *.s3.amazonaws.com *.cdnbasket.net ids.cdnwidget.com app.vwo.com *.visualwebsiteoptimizer.com use.typekit.net p.typekit.net cdn.vwo-analytics.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.googleapis.com *.cloudflare.com activitymap.adobe.com *.consensu.org *.ubembed.com *.bizible.com dmp.theadex.com tag.aumago.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' pixel.cdnwidget.com *.tealiumiq.com *.google.com *.googleadservices.com *.doubleclick.net *.websense.com *.marinsm.com *.facebook.com *.quantserve.com *.google-analytics.com *.w55c.net *.marketo.com *.iasds01.com *.linkedin.com *.cloudfront.net *.forcepoint.com *.adnxs.com *.twitter.com t.co *.omtrdc.net tags.w55c.net *.demandbase.com *.company-target.com maps.gstatic.com tags.tiqcdn.com munchkin.marketo.net *.newrelic.com connect.facebook.net static.ads-twitter.com a.burly.io sjs.bizographics.com bam.nr-data.net snap.licdn.com https://websense.tt.omtrdc.net/m2/websense/mbox/json *.getsmartcontent.com *.adroll.com *.vidyard.com s.ml-attr.com attr.ml-api.io ml314.com *.ml314.com *.bing.com *.driftt.com *.crazyegg.com *.sharethis.com *.vimeo.com *.slideshare.net *.techvalidate.com *.gartner.com *.googletagmanager.com *.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com app.vwo.com *.js.ubembed.com assets.ubembed.com js.driftt.com cdn.vwo-analytics.com *.s3.amazonaws.com s3.amazonaws.com dev-forcepoint.pantheonsite.io test-forcepoint.pantheonsite.io live-forcepoint.pantheonsite.io *.clearbit.com *.googleapis.com *.cloudflare.com https://activitymap.adobe.com/sc15/activitymap/index.js *.consensu.org *.bizible.com dmp.theadex.com tag.aumago.com ws.zoominfo.com; img-src * data: *; connect-src 'self' app.vwo.com dpm.demdex.net websense.tt.omtrdc.net *.mktoresp.com *.cdnbasket.net ids.cdnwidget.com *.forcepoint.com sample-api-v2.crazyegg.com *.visualwebsiteoptimizer.com insight.adsrvr.org bam.nr-data.net *.tealiumiq.com live-evercurrent-clone.pantheonsite.io *.sharethis.com *.doubleclick.net dmp.theadex.com tag.aumago.com google-analytics.com; report-uri /admin/config/system/seckit/csp-report
content-encoding: gzip
x-content-type-options: nosniff
age: 0
x-pantheon-styx-hostname: styx-fe3-a-d687769c6-4g68v
x-cache: MISS, MISS, MISS, MISS
status: 200
from-origin: same, https://analyticsssl.forcepoint.com,https://vidyard.com
vary: Accept-Encoding, x-geo-country, Cookie, orig-host
content-length: 20
x-served-by: cache-mdw17326-MDW, cache-mdw17326-MDW, cache-fra19149-FRA, cache-fra19149-FRA
server: nginx
x-timer: S1604145700.522113,VS0,VE355
x-frame-options: SAMEORIGIN
date: Sat, 31 Oct 2020 12:01:39 GMT
strict-transport-security: max-age=18410000
content-language: en
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
expires: Sun, 19 Nov 1978 05:00:00 GMT
cache-control: no-cache, must-revalidate
accept-ranges: bytes, bytes
content-type: text/html; charset=UTF-8
x-styx-req-id: d56d7df0-1b70-11eb-87e4-8e589cac6792
x-drupal-cache: MISS
x-cache-hits: 0, 0, 0, 0

GET
DATA 200
OK truncated
/ 648 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ba206ae667f1642cd0a35950bee63b5f3df2a147d04272a5f3aba7e2d53167aa

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 analyze Show response
r1.visualwebsiteoptimizer.com/ 0
143 B 553ms
286ms XHR
application/javascript 35.245.208.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://r1.visualwebsiteoptimizer.com/analyze?_a=371490&_u=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.245.208.72 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 72.208.245.35.bc.googleusercontent.com
Software: r1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryKZrFglNrVLnPTtjF

Response headers

status: 200
date: Sat, 31 Oct 2020 12:01:39 GMT
content-encoding: gzip
server: r1
access-control-allow-origin: *
content-type: application/javascript; charset=UTF-8

GET
H/1.1 200
OK favicon-32x32.png
nextroll.com/ 2 KB
2 KB 430ms
142ms Image
image/png 52.20.238.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nextroll.com/favicon-32x32.png
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.20.238.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-20-238-4.compute-1.amazonaws.com
Software: Apache /
Resource Hash: bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 31 Oct 2020 12:01:40 GMT
Via: 1.1 vegur
Last-Modified: Mon, 26 Oct 2020 19:58:15 GMT
Server: Apache
Etag: "64f-5b29859ce03c0"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1615

GET
H2 200 1.gif
dmp.theadex.com/d/506/3014/i/ 36 B
306 B 59ms
58ms Image
image/gif 89.163.159.103
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.theadex.com/d/506/3014/i/1.gif?c=4242187299944203886&t=1&location=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&protocol=https%3A%2F%2F&tzo=-60&date=1604145699&sw=1600&sh=1200&sd=24&pd=24&saw=1600&sah=1200&vw=1600&vh=1200&pmd=When%20any%20new%20technology%20comes%20along%2C%20scammers%20often%20jump%20on%20the%20opportunity%20to%20use%20it%20as%20a%20lure%20to%20steal%20personal%20information.%20When%20the%20technology%20is%20backed%20by%20a%20large%20organization%20and%20intended%20for%20use%20by%20an%20entire%20country%2C%20we%20are%20bound%20to%20see%20it%20used%20in%20nefarious%20ways.&pmt=Cybercriminals%20Exploit%20Brazil%E2%80%99s%20PIX%20Instant%20Payment%20Platform%20in%20New%20Phishing%20Attack&r=85d0293a2213bef0c572874fc1aa6847&c=4242187299944203886&adex_consent=1&adex_consent_origin=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&adex_consent_checked=1604145699
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.163.159.103 Cloppenburg, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx /
Resource Hash: 204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 31 Oct 2020 12:01:39 GMT
server: nginx
p3p: CP="CAO PSAa PSDa IVAa IVDa OUR UNI COM NAV"
status: 200
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
content-length: 36
expires: 0

GET
H2 200 nr-1184.min.js Show response
js-agent.newrelic.com/ 27 KB
11 KB 145ms
46ms Script
application/javascript 151.101.114.110
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1184.min.js
Requested by: Host: www.forcepoint.com
URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:40 GMT
content-encoding: gzip
x-amz-request-id: A21809B1C987C063
x-cache: HIT
status: 200
content-length: 10624
x-amz-id-2: 5/0iWHe8AbcxZN6Jo3BmJ2Q+tztfRSNwr+lcNTrsM79nJm6KurTN6rNwf14f8ELquc1TIDOjlf4=
x-served-by: cache-hhn4080-HHN
last-modified: Mon, 28 Sep 2020 16:34:45 GMT
server: AmazonS3
x-timer: S1604145700.234737,VS0,VE0
etag: "3d7f312be60d08a2568e311e4762f3af"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 13413

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
650 B 280ms
170ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=l6a6s&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/oct.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 115
pragma: no-cache
last-modified: Sat, 31 Oct 2020 12:01:40 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 8f0a6edc250bab3cc4a37c99189b4eb1
x-transaction: 005ac18600a554d2
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
237 B 193ms
172ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.0&p_id=Twitter&p_user_id=0&txn_id=o3qcd&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 31 Oct 2020 12:01:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 116
pragma: no-cache
last-modified: Sat, 31 Oct 2020 12:01:40 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 8f0a6edc250bab3cc4a37c99189b4eb1
x-transaction: 00664f1d00e53317
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 index.html
js.driftt.com/deploy/assets/ Frame 5F0E 0
0 77ms
77ms Document
text/html 52.85.32.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/index.html

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1604145900000/bt3rzfauhdaf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.85.32.71 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-85-32-71.ham50.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /deploy/assets/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg

Response headers

status: 200
content-type: text/html; charset=utf-8
content-length: 894
server: nginx
last-modified: Tue, 13 Oct 2020 15:05:22 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 31 Oct 2020 12:01:40 GMT
etag: "e6bb65f85e419beda3231798abde6eb3"
cache-control: max-age=10
x-cache: Hit from cloudfront
via: 1.1 fac4016d40efb9989ddc8d36322eeefc.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-C1
x-amz-cf-id: -P7dIrVkbqEjNdEsYKrJasCCpOjClt9PXIQfR3zcNi2aDZwXrDKDRA==

GET
H/1.1 200
OK ab8aacbcff Show response
bam.nr-data.net/1/ 57 B
274 B 575ms
143ms Script
text/javascript 162.247.242.19
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/ab8aacbcff?a=452344952&v=1184.ab39b52&to=M1NVYEFVXUQCUU1cDAoZdldHXVxZTEJYUgY7W1ZaUlNWRTxcVlEGO0BeUURrQ1YEVw%3D%3D&rst=5781&ck=1&ref=https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment&ap=2301&be=2862&fe=5327&dc=3910&perf=%7B%22timing%22:%7B%22of%22:1604145694784,%22n%22:0,%22f%22:232,%22dn%22:233,%22dne%22:357,%22c%22:357,%22s%22:363,%22ce%22:370,%22rq%22:370,%22rp%22:2839,%22rpe%22:2846,%22dl%22:2845,%22di%22:3910,%22ds%22:3910,%22de%22:3958,%22dc%22:5326,%22l%22:5327,%22le%22:5679%7D,%22navigation%22:%7B%7D%7D&fp=3116&fcp=3944&at=HxRWFglPTko%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1184.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.19 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-7.nr-data.net
Software: /
Resource Hash: d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 57
Content-Type: text/javascript;charset=ISO-8859-1

GET
H2 200 index.html
ws.sharethis.com/secure5x/ Frame D2E6 0
0 14ms
14ms Document
text/html 2600:9000:2093:8c00:3:c04e:c780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/secure5x/index.html
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/async-buttons.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2093:8c00:3:c04e:c780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash

Request headers

:method: GET
:authority: ws.sharethis.com
:scheme: https
:path: /secure5x/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg

Response headers

status: 200
content-type: text/html
content-length: 4080
content-encoding: gzip
last-modified: Fri, 09 Oct 2020 19:01:02 GMT
server: nginx/1.16.1
x-robots-tag: noindex, nofollow
date: Sat, 31 Oct 2020 02:09:21 GMT
etag: "5f80b36e-390f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 94fcf2ec0b048f48ffbd2e01f16d014c.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-C1
x-amz-cf-id: ee0xjeqN1kZZK9x1VnBgrwhnVBKb_Iu1Z-v_51q41TPdodTij0pQpQ==
age: 35540

POST
H2 200 analyze Show response
r1.visualwebsiteoptimizer.com/ 0
142 B 177ms
176ms XHR
application/javascript 35.245.208.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://r1.visualwebsiteoptimizer.com/analyze?_a=371490&_u=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.245.208.72 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 72.208.245.35.bc.googleusercontent.com
Software: r1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBSBjc32jdF90W8Wt

Response headers

status: 200
date: Sat, 31 Oct 2020 12:01:45 GMT
content-encoding: gzip
server: r1
access-control-allow-origin: *
content-type: application/javascript; charset=UTF-8

POST
H/1.1 200
OK ab8aacbcff Show response
bam.nr-data.net/events/1/ 24 B
185 B 143ms
142ms XHR
image/gif 162.247.242.19
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/ab8aacbcff?a=452344952&v=1184.ab39b52&to=M1NVYEFVXUQCUU1cDAoZdldHXVxZTEJYUgY7W1ZaUlNWRTxcVlEGO0BeUURrQ1YEVw%3D%3D&rst=15781&ck=1&ref=https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.19 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS: bam-7.nr-data.net
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: text/plain

Response headers

Access-Control-Allow-Origin: https://www.forcepoint.com
Access-Control-Allow-Credentials: true
Content-Length: 24
Content-Type: image/gif

Verdicts & Comments Add Verdict or Comment

212 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

33 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.theadex.com/	1970-01-19 15:45:21	Name: tis Value: EP8%3A2610%7CEP12%3A2610
.forcepoint.com/	1970-01-19 13:35:47	Name: v18 Value: fp%3Ablog%3Ax%20labs%3Aphishing%20scam%20attacking%20brazil%20pix%20instant%20payment
www.forcepoint.com/	1970-01-19 15:45:21	Name: cmp Value: 7011G000000Y7cM
.forcepoint.com/	1970-01-20 07:06:57	Name: s_ecid Value: MCMID%7C73364873433289014352747965123646526170
.forcepoint.com/	1970-01-20 07:06:57	Name: _mkto_trk Value: id:018-NKF-008&token:_mch-forcepoint.com-1604145699359-26050
www.forcepoint.com/	1970-01-19 15:45:21	Name: axd Value: 4242187299944203886
www.forcepoint.com/	1970-01-20 07:06:57	Name: driftt_aid Value: 778b682c-f34d-41f5-b1f2-98fb53be8fea
.forcepoint.com/	1970-01-20 07:06:57	Name: AMCV_8DC067C25245AFA80A490D4C%40AdobeOrg Value: 281789898%7CMCIDTS%7C18567%7CMCMID%7C73364873433289014352747965123646526170%7CMCAAMLH-1604750499%7C6%7CMCAAMB-1604750499%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1604152899s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18574%7CvVersion%7C4.1.0
www.forcepoint.com/	1969-12-31 23:59:59	Name: BIGipServerabmweb-nginx-app_https Value: !q+wm3sj7AhHwvihybf/nLIVwOTHiDunNqFrzL5xfGVRRBk0b2QHRInY28GD6gbHNDyYrjwtt3eTqtg==
.forcepoint.com/	1969-12-31 23:59:59	Name: AMCVS_8DC067C25245AFA80A490D4C%40AdobeOrg Value: 1
.forcepoint.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.forcepoint.com/	1970-01-19 22:21:21	Name: _biz_pendingA Value: %5B%5D
.theadex.com/	1970-01-19 15:45:21	Name: axd Value: 4242187299944203886
.forcepoint.com/	1970-01-19 22:21:21	Name: _biz_nA Value: 2
.forcepoint.com/	1970-01-19 13:35:47	Name: _biz_sid Value: 2380a2
.forcepoint.com/	1970-01-19 22:21:21	Name: utag_main Value: v_id:01757e88d82000405b152f5cace80007800e907000b08$_sn:1$_ss:1$_st:1604147498850$ses_id:1604145698850%3Bexp-session$_pn:1%3Bexp-session$vapi_domain:forcepoint.com
.forcepoint.com/	1970-01-19 22:21:21	Name: _biz_uid Value: c31f421def584587e2f225b839c60ba2
.forcepoint.com/	1970-01-19 22:21:21	Name: _biz_ABTestA Value: %5B1568091%5D
.forcepoint.com/	1970-01-19 13:35:45	Name: _gat_tealium_0 Value: 1
.forcepoint.com/	1970-01-19 22:21:21	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
www.forcepoint.com/blog/x-labs	1969-12-31 23:59:59	Name: DriftPlaybook Value: A
.forcepoint.com/	1970-01-19 15:45:21	Name: _gcl_au Value: 1.1.389974675.1604145699
.forcepoint.com/	1970-01-19 13:37:12	Name: _gid Value: GA1.2.31653433.1604145699
.demdex.net/	1970-01-19 17:54:57	Name: demdex Value: 80163706604152596043228259883618134069
.forcepoint.com/	1970-01-19 15:45:21	Name: _vwo_ds Value: 3%3Aa_1%2Ct_0%3A0%241604145697%3A16.58884351%3A%3A%3A4_1%2C3_1%3A0
.forcepoint.com/	1970-01-19 13:35:47	Name: _vwo_sn Value: 0%3A1%3Ar1.visualwebsiteoptimizer.com%3A1%3A1
.forcepoint.com/	1970-01-19 15:45:21	Name: _fbp Value: fb.1.1604145698998.808778360
.forcepoint.com/	1970-01-23 05:11:45	Name: _vwo_uuid Value: D2C1E3EBCDDFC5F8CAF7C491EC026A2B5
.forcepoint.com/	1970-01-19 15:59:45	Name: _vis_opt_s Value: 1%7C
.forcepoint.com/	1969-12-31 23:59:59	Name: _vis_opt_test_cookie Value: 1
www.forcepoint.com/	1969-12-31 23:59:59	Name: has_js Value: 1
.forcepoint.com/	1970-01-20 07:06:57	Name: _ga Value: GA1.2.525731311.1604145699
.forcepoint.com/	1970-01-19 22:22:48	Name: _vwo_uuid_v2 Value: D2C1E3EBCDDFC5F8CAF7C491EC026A2B5\|4b040af9d0b46acfa422d3e0abb91e1a

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	debug	URL: https://info.silobreaker.com/e2t/tc/VW7qzt1N32_BW7n09Mj7ZwmsKW4HyYrL4hRBGdN3S9PH52-Hw7V1-WJV7CgXWSW6MYgqg83d7hsW6k2-Vc61J4KgW4BlhGd8qJt-tW8lF2R-3ZPb4gW6gzGDg8vLDd1W3RHcBY1dnC23W4Dc7V51y5FVqVFKmJK3pvtVQW8kMNL471cq_HW3Cs69z3Zs4C1W5S4Cvb6q498vMqhnD2_9phNV64YhL4PnDjbW6mDTFq2qvBXBW3Tg1Fr6sb7-CW582RvZ8qNLq6W6-HJJ47b9S0KW5tbJ3k34V8_sW51khln5B4qSYW1xtVPS8by9t8VLB9bC4RTFJCW1JBHf18ZRQ73N7d25lRTNnlWW8dqF7j1fkshx3pQp1(Line 13) Message: toS
console-api	log	URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js(Line 2) Message: start VWO sync section
console-api	log	URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js(Line 5) Message: VWO load https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=371490&url=https%3A%2F%2Fwww.forcepoint.com%2Fblog%2Fx-labs%2Fphishing-scam-attacking-brazil-pix-instant-payment%3F_hsmi%3D88974744%26_hsenc%3Dp2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg&random=0.5697911023977063
console-api	log	URL: https://tags.tiqcdn.com/utag/websense/forcepoint-2018/prod/utag.sync.js(Line 9) Message: VWO loaded
console-api	log	URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg(Line 95) Message: VWO load https://d5phz18u4wuww.cloudfront.net/vis_opt.js
console-api	log	URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg(Line 95) Message: VWO top initialize
console-api	log	URL: https://www.forcepoint.com/blog/x-labs/phishing-scam-attacking-brazil-pix-instant-payment?_hsmi=88974744&_hsenc=p2ANqtz-_R6Rt_j0IWDm02D7yMvUMTRDgogzfPmsvElPF7UsOby9TuLPcn7LXL_hRLbfd2wmO_KYbGAYoalAS_-p66u4CkQPNTNWEszATCcqPiSQLlpYjJMJg(Line 95) Message: VWO bottom initialize
console-api	warning	URL: https://connect.facebook.net/en_US/fbevents.js(Line 23) Message: [Facebook Pixel] - Duplicate Pixel ID: 168348421119586.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

018-nkf-008.mktoresp.com
6634a5cdf59e4bb3a8f70dcd111da346.js.ubembed.com
ajax.googleapis.com
analytics.twitter.com
analyticsssl.forcepoint.com
assets.ubembed.com
attr.ml-api.io
bam.nr-data.net
c.sharethis.mgr.consensu.org
cdn.bizible.com
cdn.bizibly.com
cdnjs.cloudflare.com
cm.everesttech.net
connect.facebook.net
d.adroll.com
d.adroll.mgr.consensu.org
d5phz18u4wuww.cloudfront.net
dev.visualwebsiteoptimizer.com
dmp.theadex.com
dpm.demdex.net
info.silobreaker.com
js-agent.newrelic.com
js.driftt.com
l.sharethis.com
munchkin.marketo.net
nextroll.com
platform.twitter.com
px.ads.linkedin.com
r1.visualwebsiteoptimizer.com
s.adroll.com
s.ml-attr.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tags.tiqcdn.com
websenseinc.demdex.net
ws.sharethis.com
ws.zoominfo.com
www.facebook.com
www.forcepoint.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
104.111.215.136
104.244.42.131
104.244.42.197
104.89.23.244
15.237.76.117
151.101.112.157
151.101.113.131
151.101.114.110
162.247.242.19
18.195.43.194
185.33.221.14
192.28.144.124
199.60.103.2
23.210.248.216
2600:9000:2093:8c00:3:c04e:c780:93a1
2600:9000:2093:ba00:c:a9b7:ddc0:93a1
2606:2800:234:59:254c:406:2366:268c
2606:4700::6810:125e
2606:4700::6810:650c
2620:1ec:21::14
2a00:1450:4001:806::200e
2a00:1450:4001:80b::2008
2a00:1450:4001:816::200e
2a00:1450:4001:817::2003
2a00:1450:4001:81a::2004
2a00:1450:4001:824::200a
2a00:1450:400c:c01::9c
2a02:26f0:eb:3b4::25ea
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42:600::740
2a05:f500:11:101::b93f:9005
3.248.28.111
34.96.102.137
35.245.208.72
52.20.238.4
52.30.78.155
52.49.13.247
52.85.32.71
54.230.182.189
66.117.28.86
68.232.35.12
68.67.153.60
89.163.159.103
99.86.2.19
99.86.2.95
0424b51f13d400d9eb585e81a203508a431b00ed380f98d390ebc766b30db611
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0cd76c0e7ab206f138acc0c00c8909b344ebeecd07986a950e1b7632eedca1cb
0ec291adef932c1e26510f560daef99d2d26b96331cbfd2f29fe234eaf2dddae
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13307a4188344f0e50223b975d45f37af16ff6fce216b7e3fb2252d16e51467a
1493f7f51959732ad8cec8f45b24bc11773637f74c9bf47a1a23f66b47d595b6
152d33f581c1bd7b2a423e3e2fa1a2c34817751298e0829bc4154f9e04844baa
16089a42741acc5fd00ab17da92be9458e8f0029fd645f159e582a7ea0f52ec1
178c0cef22122f076e0bd80e16ed1cfbcf9bfe317b4c29f63e69fce067b93887
1a5c0fb755eabd84fa9ee65115561abfc934cb67631d8392acc299bed349942d
1d77e8287d004c24f8cec3feb7813d728ff8be437a4ae79f42259bcf9f6d4359
1e8c2c1c69e177db8aab839264b26577c44af29b75cc4edb25b5021b0b4538e3
204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223
23821571872a83c43ffbaccd85f6447da8462361c42e5877776ec4b50a56e5e9
29aebe811bb2f84bd90cfdee7ffc4c4af62bb5d871fd683f8a85bf0852ce9163
29d2f106a99a4e0ab8119a7eff1ef5e8a5032f6700900f694121c80a8320d636
2a7b733b2f19d538893df08b2c194aef1201dbad6ee2ddafc5bcd34cbb482d6b
2d6b3f3c5ff369d4df14f16820d8300a5c57ea938bc1f932421a5d6241f9e568
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
397d07fbfb19b6ac538d7b8bcdf5ebf7be881c9f9ad3982278d9d4f3a02c160b
3bf68fd8998873a2885f9a5e2baccf393024fa7ebb9e992aa260dfe542e1aea0
4c77b84665a1e6bfb24ec928a1ed9045818099f6a6f2e26e2bb22a560067183f
4d1a17044b0075f8f1089bfe74833f44697cb61e60c86287e8a191516abaa853
4e2a8b16a227605843bcf04d32557fa5f790d17d5fae10db399f3ad6b75cae70
5097252f03e54e40175771e7a8d15d4552f8d43c3f79c2000c96cec1fe718462
519be4598150ebd07de7df2af974a5928f956f617b4cecb376181f34bf7b1df6
527ce22593bfcd6e20caa955f7f3ee14538001d5077c5f24d3bd52a31b36dd34
52de4f853e32cbad1473948b54b45888a76d70bc156a906a4e90d3fe9d63384f
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a1a1ccce193736380d92b310e6c721d7d727d3f5a7efca350606428827a489a
5a3a0313429b22b8fd7b067a306c2733e73b8a1e038591f722ad524e9f60ab79
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55
606b1457709eeda5c12414b6dffbf91ce13f13942fc970d785806efd7ee734d5
6116382548abaad3d6133a60e2dc187d88dfa1ed07d981311c0bbcfaee05cd49
6408a837784b4b1e5bdce4b19d2bb4ff1c08c63eaebfe028bd91a559e7eceb8c
6676353d7029b44112419ac26efd665e84021eb418ccf05a1e1f04d0ba46bd53
68253ec054bea4b6ab38323bec24b592d9f2d685adcd63a7c1271ea27d7740ed
6d9a7fd96a3f724833b9b68c20877b5701f64df5446138733baec495138cfb3b
705625f67416c089ec12f98067511c51064b70b57ee1241ba675a1030d26213c
72e4b47a17fe8af5accf40c4965387a6ed961a73bab5f487768e055d394711d4
77bfa66bf799ef1d5be3e464795aaca2f9a0587c1616b9671f7383623474f455
780861f2ab29c0144055244696561fb0306c8cb3cb7f548f9105c763b0e91f77
7925a2e11bef48cf274fc980f2a5e3eb9a355a6e3c875a293f3d041f4d2757ce
79673753d63f34d0e4d8fcec94babbf043b27387bd7767d0ba8c354f3642a54c
7bc1dc7d2a673a36a6e7b3d26c7fd8f5cc42d8b2d41a98e4de2a5ebdaaea9bf7
7c7037514836388334db2f123a214f7ec133481a2d7d128adb62693b5ce9dcef
7da0540e0b536da199335da765f4aa358878f41b295d64fea84e1ee7ae5c73ca
7da3716d9946f2c609d488aa7c55e83935149ce4cdce0e7d80030aa663b8dc3d
7fc6a0616e0a7cf3b8abaa2ab6a02147601829c741de3c870ab3df86aec4af5c
8153575fa281d697e1733cb4d9bca0672c7a53bfe2d17191da06bb418c9247de
8247f4332667950989fe6bf790f87723343db2ec83d975503e9c5dc13a6eb5dc
8275ce62ba23473ad2cf760b9ac237a235261d5d38523c26d32ed4f48d4d2492
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83f2707a8b9dc77747362d11f7b953bd96078ad44a3c941e59fab15dfe43f464
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86e8428fa1f7a039682565e701bc7c562fd5274be25fc3b3b5cc3f17bdfe4ef5
8892ffd9b6812e96fca28cf2b24a4a1e25711631d73141353f1ec57fcaf523b8
88a9f854838d4933c158c0b65f9e855992a05790931fdd5e588f637cb82d07c6
89b80fdf0cc481462ffa2bf5790768cf1513cb4230f88593fc82a7a4e8823253
89f73af23bcadce2d0605735149c8a7ce2586cfcb9db7a158521b1ed9139e69e
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8c3f0e9b32d6de9794c58be0c1f01fd729a47d4d4cba1da3ef7366bb282564a1
8d840af08b18a0a99928ebbbb9a0b4263e08631c0177a3c74963c0e9056c3a21
9013ff56b3eb7dacea9886c26ddead020a8cd81822f40ead55df95b779941b14
912856e113e646cb59dd2a480be66f5463455408b458432e0a7234664608685c
913a3d6d72df757623fc7a1ef37ef84e60ffbff83cb9514aa01a39db05f7bee4
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9483d84c3dbce2446506011035e4135b87b44657eed947acd345faa338521004
95dc1b83a7c030dd13ab3e29df921f10e04208b28734f172ea232854264c3b05
95fa06fca5253dd4347dc57fc0cea541dc25d8fa30771904c1d00fa695603dbd
98c26f5c930391ad6bd544218212ffbe8e1e7f2025966993ccf3758a7714ed1a
9bf02c9770b2f6cca2e8995e99c09c07ef6f970d78f11912f924056a3eaa44e3
9cc77ec166565cf138f088e29b263d7de28ebff89c6ac6ac7b3226b8c2c45f33
9d15898503a42b662e23214cd7b80ea6c1758596cae92b51509d5a752f71cf66
a1ac3d755b387c28943563b82db22d874a1b192ba8119a4bc3f1697a2a7e258b
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a51ccbe50d3e48a6dbfab565c9cd32eb148afb8134890b8437fb85c2b09d0c74
a5801778ff84312987440fe98294960b5b514a764ce5cd09cd6afcffcf38862f
a793b9a0507f90f79bb2f91d160962842e4b9aeb48e1475438cdae3717e3834e
a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f
ab02e7268fb89fe4f957122f633ee562e025adcbb94bea973f426b3f5f5b1806
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
af60288a11ae9864cdd707a9c6e13463359d5ffb6755bf9035a878f18b8758f9
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b2061cb6a8e442a3fb2a9914e62d951aac02e182784d202369ce920aa88fd019
b46b95aec476bbd119873b245722eef166772d341eca4f2fcff05e3a30b62de0
b5c2800c52737f3425d0e434c93f9412da5e0491282c8d3d53b4d707202b8cef
b69c8458f5ca5c3f09345eed4b8ba858149eec0c99db74a01e860f6e5b5968af
b80a71bbfd599367ed06d6cd8a59d87bf0b02aafde9b20b1554abcfbf00abae3
b88527b4a378e77198361dc5fa758412e724408c6e67810ee46a4feaf784d765
ba206ae667f1642cd0a35950bee63b5f3df2a147d04272a5f3aba7e2d53167aa
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
bd9366d5f8562dbff7f7836ab4cff0f952b09676b9ce9dd158d556eed5085319
c0c810909068da447ca522f9770490722119d254f18905ae37e5e4a45e2c346c
c0e0b9f64e6354a2677f8cc7b48c489b4fac6183a86dfedc0f52bb0cc17fce3a
c181c648e71e1f94dc9f3aa0aced539df9790bc1aa92494d7fe7b17c274767bf
c5b4d853430d5557c3ed99dbd1780a198e25e0b6afa960beb3ddf2cb9806df98
c6a4f005d0158d27d475991d4606ec4141f42917cc68835019d819c583957710
c7397ae13ad9d12bf4ce9100756dd8703b515ac4381bdd33638e22c787c0fb39
c816a3b84358da6c4f4436d7afae0826aff6247c312f8998f922b944a43a6743
c90104dc032e1b6605d49139049970b3c2c294a0fb039b3de33c7d6c05ea9bab
cb5d792f92a7b7dfcf66898fe8b5597b10a5f04dd9b83c848711401ebc0bd5f6
cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d
ce35f2450851af5e3b8e502f29a7048c7da4b7474061493711a15becf6fd7e0b
cf401f0aec11d24c5272997dcb1ffb78c55df70499a70c7f0863b91e215a592b
d10c94b6cdb747904baee9070f003bb45849da46f8100b1320f286c21cbcaaa1
dd0779c9ae69f9d8cd8728663703ce2cc6ec972dc5350a5f6948a15d67fbeea9
dd3989fea51741ca2df9b9d4322db02d378098b5dcca8342a0209a79eadf8933
de0c91884c0f70a3c8ab477b2637d9c9417fc74eb663bbe6eace7836e8b38fc3
df25786bc3951d78d0f763a2a75a1f33b01b8ae2a5157831d2cf4d0348c2ede7
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
dfc5564378e3431d304458fb8249ed66bd3bec6809a069f99efdefd3921e2cba
e29d9249450c34c94e78ea24e50f48a0921d5403c584539c7f841a18952a12f7
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca
e3a5e17dd26ebd37ea990a2591a24b1bf8da5bf6f42ddb185abcb5b14674a9bd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e52e36134236de5bc2ed14fae433aeb6c3e22964df2ee8645c05acbbbd80bec0
e662822f90ea34690370a8dfa7a5c01673e833247c84834c51b64c3dbabf596d
e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4
e96ee4202dd697f4757a0c1502f5b3ae79c0d59d0823d80a80ac3ed97132d861
ebace77f08582c8518a06375ee41263d1f09bacffccc36b25181b03b0652b249
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775
f05d0eed73b7e81059f4d7939ee5623bf4d1760081678587945ad66e4fe84ce7
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093
f410972f63cd7a3e72bced8a9d9e5853ce3a68f814d1f3f9750a71fb140d7ec3
f491a149569afb596fdc5c4f3a27fba63e1207ee95c712161f5b537c7b1c1b6c
f4cbc6a70cd3d48475ddbb975d3831d02e4158a76fcdb997891baa497ea31241
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f6111a2b70adc74b366e13097ef3bc968003d16bbebbd72d324cdb73edb32c36
f6af35dde88963c568d23ea26367a7ada162c58a31ec3cf5045be7ea85002c1f
f83d0e410eff198ed5a5e5cbb597db1f33421bdca9d09bbe7f389f5720a721e1
fda75daabf20c593fb3c3cb3ffee398c33a8a59dfb22350e575072f6a294a7d0
fe0306cedbfd5474d5a6fb47e6b4f738b0bd5393f7771548489bb414bb13bc85
fe1204692b14773ce1f8a8b10ca5334c73331ef62739c0165e9877e5e89b62d3

www.forcepoint.com Open in urlscan Pro 2a04:4e42:600::740 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

142 Requests

99 %HTTPS

39 %IPv6

38 Domains

47 Subdomains

42 IPs

8 Countries

2480 kBTransfer

6321 kBSize

33 Cookies

12 Outgoing links

Page URL History

Redirected requests

142 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 22 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.forcepoint.com Open in urlscan Pro
2a04:4e42:600::740 Public Scan

Screenshot
Live screenshot

Full Image

142
Requests

99 %
HTTPS

39 %
IPv6

38
Domains

47
Subdomains

42
IPs

8
Countries

2480 kB
Transfer

6321 kB
Size

33
Cookies

142 HTTP transactions
22 data transactions