Submitted URL: https://www.avanan.com/e3t/Ctc/2H*113/ccGyW04/VX9Wst6mbX8vW10Jfkn5kpSV6W7FnbcL59Q7ySMfRflT3qgyTW95jsWP6lZ3pfW1KVv3p2p8H...
Effective URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%2...
Submission: On February 22 via manual from PH — Scanned from DE

Summary

This website contacted 34 IPs in 2 countries across 30 domains to perform 146 HTTP transactions. The main IP is 2606:2c40::c73c:6702, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.avanan.com. The Cisco Umbrella rank of the primary domain is 734592.
TLS certificate: Issued by GTS CA 1P5 on January 16th 2024. Valid for: 3 months.
This is the only time www.avanan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains | Transfer
57 | avanan.com | www.avanan.com — Cisco Umbrella Rank: 734592 | 2 MB
12 | cookielaw.org | cdn.cookielaw.org — Cisco Umbrella Rank: 338 | 157 KB
9 | insent.ai | checkpointsoftwaretechnologiesincavanan.widget.insent.ai | 508 KB
9 | gartner.com | www.gartner.com — Cisco Umbrella Rank: 51288; reviews.static.gartner.com — Cisco Umbrella Rank: 134340 | 199 KB
8 | twitter.com | platform.twitter.com — Cisco Umbrella Rank: 1276; syndication.twitter.com — Cisco Umbrella Rank: 1627 | 160 KB
8 | hubspot.com | no-cache.hubspot.com — Cisco Umbrella Rank: 12580; app.hubspot.com — Cisco Umbrella Rank: 5489; cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4459; track.hubspot.com — Cisco Umbrella Rank: 2372; forms.hubspot.com — Cisco Umbrella Rank: 5253 | 10 KB
7 | gstatic.com | fonts.gstatic.com | 82 KB
7 | linkedin.com | platform.linkedin.com — Cisco Umbrella Rank: 3508; px.ads.linkedin.com — Cisco Umbrella Rank: 362; www.linkedin.com — Cisco Umbrella Rank: 631; px4.ads.linkedin.com — Cisco Umbrella Rank: 6425 | 164 KB
3 | hsforms.com | perf.hsforms.com — Cisco Umbrella Rank: 13630 | 3 KB
3 | googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 28 | 3 KB
3 | fontawesome.com | use.fontawesome.com — Cisco Umbrella Rank: 1106 | 135 KB
2 | dynatrace.com | bf28149orj.bf.dynatrace.com — Cisco Umbrella Rank: 85233 | 1 KB
2 | facebook.com | www.facebook.com — Cisco Umbrella Rank: 103 | 2 KB
2 | facebook.net | connect.facebook.net — Cisco Umbrella Rank: 174 | 88 KB
2 | googleusercontent.com | lh3.googleusercontent.com — Cisco Umbrella Rank: 45; lh5.googleusercontent.com — Cisco Umbrella Rank: 178 | 176 KB
2 | googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 39 | 224 KB
2 | cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 233 | 9 KB
1 | pusher.com | js.pusher.com — Cisco Umbrella Rank: 16217 | 18 KB
1 | licdn.com | snap.licdn.com — Cisco Umbrella Rank: 800 | 16 KB
1 | hubapi.com | api.hubapi.com — Cisco Umbrella Rank: 3428 | 1 KB
1 | onetrust.com | geolocation.onetrust.com — Cisco Umbrella Rank: 552 | 296 B
1 | hsleadflows.net | js.hsleadflows.net — Cisco Umbrella Rank: 5018 | 88 KB
1 | hs-banner.com | js.hs-banner.com — Cisco Umbrella Rank: 2217 | 23 KB
1 | hsadspixel.net | js.hsadspixel.net — Cisco Umbrella Rank: 3140 | 4 KB
1 | hs-analytics.net | js.hs-analytics.net — Cisco Umbrella Rank: 2213 | 21 KB
1 | lfeeder.com | tr.lfeeder.com — Cisco Umbrella Rank: 23532 | 295 B
1 | leadfeeder.com | lftracker.leadfeeder.com — Cisco Umbrella Rank: 79192 | 11 KB
1 | hsappstatic.net | static.hsappstatic.net — Cisco Umbrella Rank: 5583 | 6 KB
1 | hscta.net | js.hscta.net — Cisco Umbrella Rank: 22638 | 7 KB
1 | hubspot.net | cdn2.hubspot.net — Cisco Umbrella Rank: 8330 | 2 KB
146 30
Domain Requested by
57 www.avanan.com 1 redirects www.avanan.com
12 cdn.cookielaw.org www.googletagmanager.com
cdn.cookielaw.org
www.avanan.com
9 checkpointsoftwaretechnologiesincavanan.widget.insent.ai www.avanan.com
checkpointsoftwaretechnologiesincavanan.widget.insent.ai
7 fonts.gstatic.com fonts.googleapis.com
6 www.gartner.com www.avanan.com
www.gartner.com
5 platform.twitter.com www.avanan.com
platform.twitter.com
4 px.ads.linkedin.com 3 redirects snap.licdn.com
3 track.hubspot.com
3 reviews.static.gartner.com www.gartner.com
3 syndication.twitter.com platform.twitter.com
www.avanan.com
3 perf.hsforms.com www.avanan.com
3 fonts.googleapis.com www.avanan.com
3 use.fontawesome.com www.avanan.com
use.fontawesome.com
2 bf28149orj.bf.dynatrace.com www.gartner.com
2 www.facebook.com connect.facebook.net
2 cta-service-cms2.hubspot.com js.hscta.net
2 connect.facebook.net www.avanan.com
connect.facebook.net
2 www.googletagmanager.com www.avanan.com
2 cdnjs.cloudflare.com www.avanan.com
www.gartner.com
1 js.pusher.com checkpointsoftwaretechnologiesincavanan.widget.insent.ai
1 px4.ads.linkedin.com
1 www.linkedin.com 1 redirects
1 forms.hubspot.com js.hsleadflows.net
1 snap.licdn.com js.hsadspixel.net
1 api.hubapi.com js.hsadspixel.net
1 geolocation.onetrust.com cdn.cookielaw.org
1 js.hsleadflows.net www.avanan.com
1 js.hs-banner.com www.avanan.com
1 js.hsadspixel.net www.avanan.com
1 js.hs-analytics.net www.avanan.com
1 tr.lfeeder.com www.avanan.com
1 app.hubspot.com www.avanan.com
1 lh5.googleusercontent.com www.avanan.com
1 lh3.googleusercontent.com www.avanan.com
1 lftracker.leadfeeder.com www.avanan.com
1 static.hsappstatic.net www.avanan.com
1 js.hscta.net www.avanan.com
1 no-cache.hubspot.com www.avanan.com
1 cdn2.hubspot.net www.avanan.com
1 platform.linkedin.com www.avanan.com
146 40
Subject | Issuer | Validity | Valid
www.avanan.com | GTS CA 1P5 | 2024-01-16 - 2024-04-15 | 3 months
use.fontawesome.com | Cloudflare Inc ECC CA-3 | 2023-10-12 - 2024-10-10 | a year
upload.video.google.com | GTS CA 1C3 | 2024-02-05 - 2024-04-29 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year
platform.linkedin.com | DigiCert SHA2 Secure Server CA | 2023-12-20 - 2024-06-20 | 6 months
hubspot.net | Cloudflare Inc ECC CA-3 | 2023-04-06 - 2024-04-05 | a year
hubspot.com | Cloudflare Inc ECC CA-3 | 2024-01-06 - 2024-12-31 | a year
www.gartner.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-12-14 - 2024-12-13 | a year
hsappstatic.net | Cloudflare Inc ECC CA-3 | 2023-04-10 - 2024-04-09 | a year
*.google-analytics.com | GTS CA 1C3 | 2024-02-05 - 2024-04-29 | 3 months
*.leadfeeder.com | Amazon RSA 2048 M02 | 2024-01-03 - 2025-02-01 | a year
*.gstatic.com | GTS CA 1C3 | 2024-02-05 - 2024-04-29 | 3 months
*.googleusercontent.com | GTS CA 1C3 | 2024-02-05 - 2024-04-29 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2023-12-01 - 2024-02-29 | 3 months
*.twimg.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-07-28 - 2024-07-26 | a year
*.lfeeder.com | Amazon RSA 2048 M02 | 2024-02-20 - 2025-03-20 | a year
syndication.twitter.com | R3 | 2024-02-21 - 2024-05-21 | 3 months
cookielaw.org | Cloudflare Inc ECC CA-3 | 2023-04-01 - 2024-03-31 | a year
onetrust.com | Cloudflare Inc ECC CA-3 | 2023-11-13 - 2024-11-12 | a year
hubapi.com | Cloudflare Inc ECC CA-3 | 2023-04-07 - 2024-04-06 | a year
*.widget.insent.ai | Amazon RSA 2048 M03 | 2024-01-30 - 2025-02-27 | a year
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-12-13 - 2024-12-12 | a year
js.pusher.com | Amazon RSA 2048 M01 | 2023-04-13 - 2024-05-11 | a year
*.bf.dynatrace.com | Amazon RSA 2048 M02 | 2023-12-20 - 2025-01-16 | a year
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-01-30 - 2024-07-30 | 6 months

This page contains 8 frames:

Primary Page: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Frame ID: 72623D37BC8C45BB8EBD09896E958FEB
Requests: 126 HTTP requests in this frame

Frame: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
Frame ID: 1C65A4332A32EA68BA1DF13C394756A9
Requests: 6 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.avanan.com
Frame ID: 65D40B456F4B5DFC6E05CF8BB0356F72
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: 08DB9DC31CCEEEDF115546C3B4FAC744
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: E1DB3A33E23A8F36024644202BFA9E1E
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8e21cc1ee196ee7f%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ff14fbc7b5fb535304%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Frame ID: 8C5EAEA6D67CFDA1EE86E0461F33CFA9
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfe186ffa1fdaceceb%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ff14fbc7b5fb535304%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Frame ID: 7595524A3406BA4DE9F035CA619BE193
Requests: 1 HTTP requests in this frame

Frame: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ%26utm_content%3D293972812%26utm_source%3Dhs_automation&event_listener=DytAsQQBNTdC8GD&hubspot_cookies=[%22c178ca9375cdda1ba3395f9c38ebed22%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Frame ID: 3015B7926DA3C220D684D5C8EBD3EC79
Requests: 9 HTTP requests in this frame

Page Title

The Microsoft Reply Attack

Page URL History

  1. https://www.avanan.com/e3t/Ctc/2H*113/ccGyW04/VX9Wst6mbX8vW10Jfkn5kpSV6W7FnbcL59Q7ySMfRflT3qgyTW95j... Page URL
  2. https://www.avanan.com/events/public/v1/encoded/track/tc/2H*113/ccGyW04/VX9Wst6mbX8vW10Jfkn5kpSV6W7... HTTP 307
    https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomwa... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
  • googleapis\.com/.+webfont

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • //platform\.linkedin\.com/in\.js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

146
Requests

99 %
HTTPS

82 %
IPv6

30
Domains

40
Subdomains

34
IPs

2
Countries

4617 kB
Transfer

10345 kB
Size

21
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.avanan.com/e3t/Ctc/2H*113/ccGyW04/VX9Wst6mbX8vW10Jfkn5kpSV6W7FnbcL59Q7ySMfRflT3qgyTW95jsWP6lZ3pfW1KVv3p2p8H3RW1C0w2r1Cn7m8W2FpJZ24TWSCvW7-dPx28XhqpPW5Mgv3t6B8skxW2wMxcG1rnkfDW48Tbsf3PPLWPVg_V3z38tH3NW17LFh48s_p_NN5t8-Nf1_vHhW6cF8Bm1PW6LwW4GcqbX4nD3vMMJwZH0ZJT-7W3LP0cW5nXkPsN3kx-6Y30czRVBpC044h2YX3W4Tbp_k4jB8GqW21n-T58X49N2Vj-2cx5P-x_qW4SRHP84VM71cN8rM1GghqDxBW49qDh25R5jlKW1mgzg19b1BMqW38hJsH6W9YRvVnBCww7x1x5nW4rcnzX73_t7fW4b8d-37yKdnKW7_kB995VzT3NW7NTG-64bwRl6W6nfHn81TlLysf671Pl404 Page URL
  2. https://www.avanan.com/events/public/v1/encoded/track/tc/2H*113/ccGyW04/VX9Wst6mbX8vW10Jfkn5kpSV6W7FnbcL59Q7ySMfRflT3qgyTW95jsWP6lZ3pfW1KVv3p2p8H3RW1C0w2r1Cn7m8W2FpJZ24TWSCvW7-dPx28XhqpPW5Mgv3t6B8skxW2wMxcG1rnkfDW48Tbsf3PPLWPVg_V3z38tH3NW17LFh48s_p_NN5t8-Nf1_vHhW6cF8Bm1PW6LwW4GcqbX4nD3vMMJwZH0ZJT-7W3LP0cW5nXkPsN3kx-6Y30czRVBpC044h2YX3W4Tbp_k4jB8GqW21n-T58X49N2Vj-2cx5P-x_qW4SRHP84VM71cN8rM1GghqDxBW49qDh25R5jlKW1mgzg19b1BMqW38hJsH6W9YRvVnBCww7x1x5nW4rcnzX73_t7fW4b8d-37yKdnKW7_kB995VzT3NW7NTG-64bwRl6W6nfHn81TlLysf671Pl404?_ud=68b7de1e-01e0-43f4-9312-d43c2531181a&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
    https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 133
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1708575330186&li_adsId=04f7d542-9fb8-45ed-a8a3-7d7a02400718&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ%26utm_content%3D293972812%26utm_source%3Dhs_automation HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1708575330186&li_adsId=04f7d542-9fb8-45ed-a8a3-7d7a02400718&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ%26utm_content%3D293972812%26utm_source%3Dhs_automation&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D110528%26time%3D1708575330186%26li_adsId%3D04f7d542-9fb8-45ed-a8a3-7d7a02400718%26url%3Dhttps%253A%252F%252Fwww.avanan.com%252Fblog%252Fthe-microsoft-reply-attack%253Futm_campaign%253DCampaign%252520-%252520IB-OB%252520Ransomware%252520APAC%2525202%25252F13%252520-%252520FY24%2526utm_medium%253Demail%2526_hsmi%253D293972812%2526_hsenc%253Dp2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ%2526utm_content%253D293972812%2526utm_source%253Dhs_automation%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1708575330186&li_adsId=04f7d542-9fb8-45ed-a8a3-7d7a02400718&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ%26utm_content%3D293972812%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1708575330186&li_adsId=04f7d542-9fb8-45ed-a8a3-7d7a02400718&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520IB-OB%2520Ransomware%2520APAC%25202%252F13%2520-%2520FY24%26utm_medium%3Demail%26_hsmi%3D293972812%26_hsenc%3Dp2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ%26utm_content%3D293972812%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true&e_ipv6=AQI8lcmHYbLj6gAAAY3PBpKnjcqBKY5BO_nkEHzZTXU2zvQ9hpAx9kbHfq9oKwV7OhOVPbPK

146 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
VX9Wst6mbX8vW10Jfkn5kpSV6W7FnbcL59Q7ySMfRflT3qgyTW95jsWP6lZ3pfW1KVv3p2p8H3RW1C0w2r1Cn7m8W2FpJZ24TWSCvW7-dPx28XhqpPW5Mgv3t6B8skxW2wMxcG1rnkfDW48Tbsf3PPLWPVg_V3z38tH3NW17LFh48s_p_NN5t8-Nf1_vHhW6cF8Bm...
www.avanan.com/e3t/Ctc/2H*113/ccGyW04/
8 KB
4 KB
Document
General
Full URL
https://www.avanan.com/e3t/Ctc/2H*113/ccGyW04/VX9Wst6mbX8vW10Jfkn5kpSV6W7FnbcL59Q7ySMfRflT3qgyTW95jsWP6lZ3pfW1KVv3p2p8H3RW1C0w2r1Cn7m8W2FpJZ24TWSCvW7-dPx28XhqpPW5Mgv3t6B8skxW2wMxcG1rnkfDW48Tbsf3PPLWPVg_V3z38tH3NW17LFh48s_p_NN5t8-Nf1_vHhW6cF8Bm1PW6LwW4GcqbX4nD3vMMJwZH0ZJT-7W3LP0cW5nXkPsN3kx-6Y30czRVBpC044h2YX3W4Tbp_k4jB8GqW21n-T58X49N2Vj-2cx5P-x_qW4SRHP84VM71cN8rM1GghqDxBW49qDh25R5jlKW1mgzg19b1BMqW38hJsH6W9YRvVnBCww7x1x5nW4rcnzX73_t7fW4b8d-37yKdnKW7_kB995VzT3NW7NTG-64bwRl6W6nfHn81TlLysf671Pl404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
false
alt-svc
h3=":443"; ma=86400
cf-cache-status
MISS
cf-ray
859468797cab44fe-TXL
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html;charset=utf-8
date
Thu, 22 Feb 2024 04:15:28 GMT
last-modified
Thu, 22 Feb 2024 04:15:28 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=823g9AWES%2FZptTsYJQ4omV5GlapeTR2NhvJPDJcFCEn3An8xe1dHPT%2FZU8GAs9H%2Ba3MCcnEyBZLIQOMZizbWGj9FiWUN3m4X6L6PNDOaMJ2f%2F4d0XcA5Uxce0teLigXMzyThwqJzGu%2BwLNyB"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
11
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/event-tracking-td/envoy-proxy-5c6d56bb5f-9fzxj
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
abd4114d-0e3c-4504-920a-d25f49933d64
x-request-id
abd4114d-0e3c-4504-920a-d25f49933d64
x-robots-tag
none
Primary Request the-microsoft-reply-attack
www.avanan.com/blog/
Redirect Chain
  • https://www.avanan.com/events/public/v1/encoded/track/tc/2H*113/ccGyW04/VX9Wst6mbX8vW10Jfkn5kpSV6W7FnbcL59Q7ySMfRflT3qgyTW95jsWP6lZ3pfW1KVv3p2p8H3RW1C0w2r1Cn7m8W2FpJZ24TWSCvW7-dPx28XhqpPW5Mgv3t6B8s...
  • https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYE...
88 KB
21 KB
Document
General
Full URL
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/e3t/Ctc/2H*113/ccGyW04/VX9Wst6mbX8vW10Jfkn5kpSV6W7FnbcL59Q7ySMfRflT3qgyTW95jsWP6lZ3pfW1KVv3p2p8H3RW1C0w2r1Cn7m8W2FpJZ24TWSCvW7-dPx28XhqpPW5Mgv3t6B8skxW2wMxcG1rnkfDW48Tbsf3PPLWPVg_V3z38tH3NW17LFh48s_p_NN5t8-Nf1_vHhW6cF8Bm1PW6LwW4GcqbX4nD3vMMJwZH0ZJT-7W3LP0cW5nXkPsN3kx-6Y30czRVBpC044h2YX3W4Tbp_k4jB8GqW21n-T58X49N2Vj-2cx5P-x_qW4SRHP84VM71cN8rM1GghqDxBW49qDh25R5jlKW1mgzg19b1BMqW38hJsH6W9YRvVnBCww7x1x5nW4rcnzX73_t7fW4b8d-37yKdnKW7_kB995VzT3NW7NTG-64bwRl6W6nfHn81TlLysf671Pl404
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a88f274133df7cd377eaaf7a2ac91cac584671004d8fcfc06cf9ff723c1f689a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.avanan.com/e3t/Ctc/2H*113/ccGyW04/VX9Wst6mbX8vW10Jfkn5kpSV6W7FnbcL59Q7ySMfRflT3qgyTW95jsWP6lZ3pfW1KVv3p2p8H3RW1C0w2r1Cn7m8W2FpJZ24TWSCvW7-dPx28XhqpPW5Mgv3t6B8skxW2wMxcG1rnkfDW48Tbsf3PPLWPVg_V3z38tH3NW17LFh48s_p_NN5t8-Nf1_vHhW6cF8Bm1PW6LwW4GcqbX4nD3vMMJwZH0ZJT-7W3LP0cW5nXkPsN3kx-6Y30czRVBpC044h2YX3W4Tbp_k4jB8GqW21n-T58X49N2Vj-2cx5P-x_qW4SRHP84VM71cN8rM1GghqDxBW49qDh25R5jlKW1mgzg19b1BMqW38hJsH6W9YRvVnBCww7x1x5nW4rcnzX73_t7fW4b8d-37yKdnKW7_kB995VzT3NW7NTG-64bwRl6W6nfHn81TlLysf671Pl404
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
s-maxage=60, max-age=0
cf-ray
8594687c18bd44f8-TXL
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Thu, 22 Feb 2024 04:15:28 GMT
edge-cache-tag
CT-106960374431,CG-4153530738,P-1835778,L-6416153737,CW-10828273430,CW-10828758285,CW-11124227288,CW-38920737000,E-5097885803,E-6067151804,E-6073351973,E-6073918834,E-6084513730,E-6476923280,PGS-ALL,SW-2,B-4153530738
etag
W/"4338998ae643f1faa361a7d46d70e668"
last-modified
Sun, 18 Feb 2024 11:33:10 GMT
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9A%2FQ5QyfxhMhPjVrU0eNamgPzvPXID7wdFrsHXHPDabH0x53RsBX%2FGV8XsjCxwK7ZtRPYAGUt75bZBdRbFbHNVuecd2PGaq%2FpBxALWvc1amL9az5T49KWPWluUp0GtmT1jVT7rp%2FnY%2BW72Zi"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
x-hs-cache-control
s-maxage=60, max-age=0
x-hs-cf-cache-status
MISS
x-hs-content-id
106960374431
x-hs-hub-id
1835778
x-hs-prerendered
Sun, 18 Feb 2024 11:33:10 GMT

Redirect headers

access-control-allow-credentials
false
alt-svc
h3=":443"; ma=86400
cf-cache-status
MISS
cf-ray
8594687acde144fe-TXL
content-security-policy
upgrade-insecure-requests
date
Thu, 22 Feb 2024 04:15:28 GMT
link
<https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation>; rel="canonical"
location
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kyxgwKLpD2NM4xREN2bYNLSzXFkRwsgWPzhCZWE4bxog3oBNZAQcBh4YpSeAaa9x0zVxA9WlW03ERy1aTz1Ma6dxSNb7tRkpzKrm24VUMsGB4%2BWs9vfulQ6rC%2B9oRVWOLuVtS78JY4nddLU8"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
28
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/event-tracking-td/envoy-proxy-5c6d56bb5f-qlw49
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
4224f129-e440-4d54-8fa2-c99568369c3d
x-request-id
4224f129-e440-4d54-8fa2-c99568369c3d
x-robots-tag
none
project.js
www.avanan.com/hs/hsstatic/cos-i18n/static-1.53/bundles/
1 KB
1 KB
Script
General
Full URL
https://www.avanan.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
7703218
x-amz-cf-pop
FRA56-P2
x-amz-server-side-encryption
AES256
x-amz-version-id
P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 09 Nov 2021 16:12:42 GMT
server
cloudflare
etag
W/"61ca66de658cab9587e4636894680d5d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hv8URxX4L3eFzID03RUmR9e2rFEiHu6sa1T96syOFxW2cL2rM6kiSgIHb6HzeWKt7y%2BDOPMmKOYz3iNH6hyK1G5yXCTH8VUQtRVRAZRUmX1J3wvjoZpPQo4P6b4k9pAWjohBW47SsMB1BWCm"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
8594687d19db44f8-TXL
x-amz-cf-id
vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires
Fri, 21 Feb 2025 04:15:28 GMT
post_listing_asset.js
www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/
3 KB
2 KB
Script
General
Full URL
https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
7940133
x-amz-cf-pop
FRA50-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
nC1hzr07YsutChb9rCwKsMoiyxip8lR7
content-encoding
br
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 17 Dec 2021 15:26:10 GMT
server
cloudflare
etag
W/"d95d7dafd49a1edc76a47120c287b579"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u78JPXyc4sPmNTH8tBu1dzXeUl1mECr2pSkYm19cpxWIXjNABpReCq4mqyIlgHCao2i236uR%2BGwG8nWw1ob1OsvxqnOpp3SMlElv96RHch1Exum2sWxangM9%2BUvlN4axE3AUaGW%2Bf0Ziidkm"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
8594687d19dc44f8-TXL
x-amz-cf-id
mhe-XZqlu0UYIouskl3OSMY2m4X2j8did-p1-Mtvgj_trvaRM8b1YA==
expires
Fri, 21 Feb 2025 04:15:28 GMT
jquery-1.11.2.js
www.avanan.com/hs/hsstatic/jquery-libs/static-1.4/jquery/
94 KB
35 KB
Script
General
Full URL
https://www.avanan.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 1a620bb236f3df5588fc787c47ccfafa.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
7870473
x-amz-cf-pop
TXL50-P4
x-amz-version-id
null
content-encoding
br
x-cache
RefreshHit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 08 Jan 2015 18:08:00 GMT
server
cloudflare
etag
W/"5790ead7ad3ba27397aedfa3d263b867"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PzKh75RdbR%2BySaPrddE2tWDiG3aRrxvnF86A3M99nMNg%2FJl151QAf3s%2FZBfdZdFm9b6E95Zx2Ep%2BnY%2BsyDCZiiPqXeIaB0p2854l6FPFqDIIzTxogpRDRZrisk3Q8n3kErAwfiTaUld%2BIpdf"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
8594687d19dd44f8-TXL
x-amz-cf-id
O_5hEe5tH1TbmdsFBs2adAfaGuVRQ00VGDlObtptUqeYtG31BCrPGg==
expires
Fri, 21 Feb 2025 04:15:28 GMT
module_38920737000_header-NEW.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/38920737000/1693339116978/
350 B
2 KB
Stylesheet
General
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/38920737000/1693339116978/module_38920737000_header-NEW.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a28a88a058bb32f3fff988c31380f2392939d9c4d1bf38b32f531969a02a33de
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
1SP0XG6YX7NGZNFM
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
x-evy-trace-listener
listener_https
etag
W/"d03acb35e50d52eba2de45e92772724e"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1693339116978
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 0c9c133650294ca2485db2f5e74b2d10.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
mzhlCP.Q4kGZtjrszMLY3UteK9JyKt8t
x-amz-cf-pop
IAD66-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
5d540c70-f69e-405f-b2c7-b271f46c3e2b
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
213
alt-svc
h3=":443"; ma=86400
x-amz-id-2
ZGcrbbxGKHs+Zai4utVK1gX+91dc/0003mU1TFXZB+/vCaDFmBAc6Hk56dOaADyFVX4SNZF8fe4=
x-evy-trace-route-configuration
listener_https/all
x-request-id
5d540c70-f69e-405f-b2c7-b271f46c3e2b
last-modified
Tue, 29 Aug 2023 19:58:37 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0c191nwxkO2yLgqkcIK28HAq1z3dZE24mD07P%2FhNG%2B5HmumQsVbyBBKE8CyM6HmyyVemHkfDUjWN6Zh93uxSn9WBGaFhsIsiqlJLe2Bj%2Fvcmv0Cc9cL5zKfAO8qH53kngSFsjUCq7CH%2FNpUW"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-xmwnv
access-control-allow-credentials
false
cf-ray
8594687d19e144f8-TXL
x-amz-cf-id
aoEDfTUWDU6dTdoCYyhGI-n2SlnxsMfSIh5rdEmSsDzMQJeZQQUqTA==
reset.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6067151804/1577975558437/Custom/jacob_redesign/css/
760 B
2 KB
Stylesheet
General
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6067151804/1577975558437/Custom/jacob_redesign/css/reset.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
97152508df33871d78e6d8595480ac6c5cf8f2feb1fc1ef7fd2ef7a0517810c7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
SK98NNV7293ZSD2Y
x-evy-trace-route-service-name
envoyset-translator
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"dd216fc74c067413933b3c64bb975273"
vary
origin, Accept-Encoding
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
adg6Tcxw8bHaHALCZHMiZcGnIuL6f9nZ
x-amz-cf-pop
IAD89-C1
x-hubspot-correlation-id
67fe527c-30c5-4636-ae16-73551637860a
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
198
alt-svc
h3=":443"; ma=86400
x-amz-id-2
8jsFCkkno1lUfF3zxzyT4oJ6I32qzep81QLYBRYMjkbWx/Lo3UOinucfgZy4zf0DI4A6e+J2gEc=
x-request-id
67fe527c-30c5-4636-ae16-73551637860a
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 02 Jan 2020 14:32:39 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2FFXZU5q2uUk%2BnkQbWaKi0pmaOTyHBq6MmoPy5lhLp4l%2BZ3UMImkNjPrBRSXrMWhSGyplINwb6Gkd9CekOV6jQ4A9uxU%2BKWlqi3WNbB3KPsGiIiE%2F5ItSyofawsB8IpU9s%2Ffel%2B7zAR9lm8j"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-7wfmg
access-control-allow-credentials
false
cf-ray
8594687d19e244f8-TXL
x-amz-cf-id
OU6FET6C7fJVUXGT3Qamu-VElzpdc_cvIRVJmN57TKqz7A9IS93t1A==
module_11124227288_updated_blog_body.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298028261/
5 KB
3 KB
Stylesheet
General
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298028261/module_11124227288_updated_blog_body.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb73cc89830d3824b5c588849b29a5d4bad5b71108ba60e17bad3e6276dd5f7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
22R94CWA39Y1TKKR
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"34740dad57e89fd2749c7cdb3497cb09"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1683298028261
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
HyZl6ue_xg82nZe3wq8kD7rN5WNVoPQi
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
10cc91ec-478c-4be8-a803-95e4c37a2351
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
179
alt-svc
h3=":443"; ma=86400
x-amz-id-2
3hGdbHbNUXnD1V8e+z/1ui5kGO+cnwXrg1tUPIItzPUFeX7NxlFbUcvE1+ZwShfFAlXDmVK6294=
x-evy-trace-route-configuration
listener_https/all
x-request-id
10cc91ec-478c-4be8-a803-95e4c37a2351
last-modified
Fri, 05 May 2023 14:47:09 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=59h2mnsazq5Oyy9tGAD3clXiNMxwGK52ISFRydEuPgIIgQeb6RMNVDOp1Z2GT9dPeSwBnTGYnEwow0QqO0FZGwAHKZud4mmYemeZ52FW2%2BtKGau9zpqo6bqOtumK3ISK9STg1siuPyiiL9X%2B"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-2p6jk
access-control-allow-credentials
false
cf-ray
8594687d29e444f8-TXL
x-amz-cf-id
Nfmh7EA4bfKcKUWYjxB6QLF-rRzJ0RFAETPS_L1JaRyRMleTBs1ntg==
project.css
www.avanan.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/
720 B
1 KB
Stylesheet
General
Full URL
https://www.avanan.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/project.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 cd9d9141cd83dabdc9d0a421d1efe1aa.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
7858892
x-amz-cf-pop
LHR50-P6
x-amz-server-side-encryption
AES256
x-amz-version-id
7bzlyDLBPgFUhJmnx6rYCRN4B2XAfbkA
content-encoding
br
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 19 Aug 2020 22:47:10 GMT
server
cloudflare
etag
W/"a81c70764750950eb72d4537c41e781f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nKAOa6wYfk5HRZN14Yf4fQ9%2B4So8Y5MGI1qlr6EXHj94%2BTvmDJz3l926OBmAB5Br6v%2FfCCz6BRDsIDM867FMnDYD6uc7sZSdiudZkcMyMICALCNRg3GlL1NHO%2FaXsE7Yn%2BE8C4lFgHXf12RQ"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
8594687d29e644f8-TXL
x-amz-cf-id
ymH2-cb3T9WbD7Mo-GMQYgAIIZKXt7zKb0CwoIXdZ2br6cH_z7UwDw==
expires
Fri, 21 Feb 2025 04:15:28 GMT
rss_post_listing.css
www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/sass/
910 B
1001 B
Stylesheet
General
Full URL
https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 75f70026bed8fa7e14f645c02f074728.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
7846344
x-amz-cf-pop
FRA60-P6
x-amz-server-side-encryption
AES256
x-amz-version-id
YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
content-encoding
br
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 17 Dec 2021 15:26:10 GMT
server
cloudflare
etag
W/"e1b521ec14a912d6d385c21388ec7d79"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BXMPxpubVpX3wCuAjeX4rvWrselEuZDIbGfPdOPciTN%2BnpEuCsSTBQDXN7u5ObU6y%2BcoeaohNPFp3Aep6iyEaimvlAoomYyPcZHWVYr3%2FiZ%2Bdf%2B7ObptEUi2IzL6Lx4BroDI81qRQtytzV6g"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
8594687d29e944f8-TXL
x-amz-cf-id
jdOI1kFWuxTkUaxUM7qs9OdqkTOXXUI2GSBs38RoV5BdbvWbDGhItQ==
expires
Fri, 21 Feb 2025 04:15:28 GMT
module_10828758285_updated-blog-cta-banner.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828758285/1681233594853/
43 B
1 KB
Stylesheet
General
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828758285/1681233594853/module_10828758285_updated-blog-cta-banner.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c5109ab0fecc5ef21cc3eddf9e5e66741feb3c03a08c0c5d12a153bffe56a4d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-request-id
VP018BTV59F3JZ20
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
"5c9c72ede880a71bcb77cbc90d5183e2"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1681233594853
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 f9efe5e72b7e5cc47bf34a0b0debcbe2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ltjXTsnFD2W5CxxF4UctYebNy2UB5hTD
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
0e223944-dc47-4a62-89ae-04bf85fed30d
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
142
alt-svc
h3=":443"; ma=86400
content-length
43
x-amz-id-2
b3Fb9HFF6Mnn1/xDypF29SouvOQUd3b70pxlTwI+y38N1IdE3qlTLuMem1mXqrZd49ZSLhR71kY=
x-evy-trace-route-configuration
listener_https/all
x-request-id
0e223944-dc47-4a62-89ae-04bf85fed30d
last-modified
Tue, 11 Apr 2023 17:19:55 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HvfTy2dIJf%2BNPpTXy5Iawgkl7Qn8nXAM5pUOmKqKAu%2BuBxzv2CJLOO4m4%2BPo1mIS%2B0BF4mGhl6rt%2B3NdQF3tSmr18dp5PCyVwKz51y%2B0m4tQT3uQQuDic%2FwckcRUYyZhFb6jX4ArsFx6rO5X"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-5sf4f
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
8594687d29ea44f8-TXL
x-amz-cf-id
Grd_OjWIflgoNUC0Q1vOLA-Q2Q6R3Cy9s8EsUj7ZlMgS4iHlsVF24w==
module_10828273430_updated-blog-footer.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828273430/1681233744378/
1022 B
2 KB
Stylesheet
General
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828273430/1681233744378/module_10828273430_updated-blog-footer.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a6284f5e68fe70bb17c9aecb532fdb513b37ec0096d21e9a7231fbcfeda6794
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
GBTFRA2RBA1D0WQ5
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"0db2aa71f1f3b6937b6f53dfa6ff0be5"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1681233744378
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 0ebe6e1aeade584a38f4b98aa3f2014a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
t.xmjVBLpB.BylnQD5kN_qjPsk0xLKEI
x-amz-cf-pop
IAD61-P1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
c71b5856-c21d-4e85-9935-ffbf264177e0
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
424
alt-svc
h3=":443"; ma=86400
x-amz-id-2
i63cYN6oMq8kAGN0Z361Q2TaZNYzsfQK5wMQJljlGf/IUddomNrP0wdOpN2RNUayUr73StZF+E0=
x-evy-trace-route-configuration
listener_https/all
x-request-id
c71b5856-c21d-4e85-9935-ffbf264177e0
last-modified
Tue, 11 Apr 2023 17:22:25 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=er2ZJ2hJ2jroQctKw%2Fox3CZhppUkfUSPdYhbG98c6YsD%2FeSj%2BtEQco3P6mBZLYEL1DjZPOH6IrOYx7HJbk6dJZ3pregCBnNP%2FDbFE6eCspHLdYZfeL5X5FBBMBL9kvgjnrHqJnpUWUEFr4V0"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-vbm4n
access-control-allow-credentials
false
cf-ray
8594687d29ec44f8-TXL
x-amz-cf-id
jM_fGJ-easSekflnggB3vhzBUrhqueUmEFGr5r7OzRf-KgFaXfmogA==
all.css
use.fontawesome.com/releases/v5.2.0/css/
46 KB
10 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.2.0/css/all.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:ce26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984

Request headers

Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Origin
https://www.avanan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:28 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 22 Sep 2023 01:45:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
662700
etag
W/"20a9ce516eaea76da29a23adc43e8998"
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=st84Qw91J9SBCAgTqz4oagH7mwwiGCOJeDh7LgDW7bgKNt620YeU71AqXu3FQNEzg6fF2cZlNzZvyaQlMqZqegrPnZDq3s4xPmoYSm%2BVGF7uY1mjQ2snpnoW0RNHtux2qS8URXXf78hX0M%2Bg6PtlvaPL"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
8594687d9ffd0b7f-AMS
alt-svc
h3=":443"; ma=86400
css
fonts.googleapis.com/
19 KB
951 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7b84d0c350cc891e35015f8befd4edd064b4c72fdc88e6af291baf07f8d344a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 22 Feb 2024 04:15:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 22 Feb 2024 04:15:28 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 22 Feb 2024 04:15:28 GMT
js.cookie.min.js
cdnjs.cloudflare.com/ajax/libs/js-cookie/2.1.4/
2 KB
1 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.1.4/js.cookie.min.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3636e8810aa8b16828af450174251147977372f0201e77d464c719f110b0924f
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
614892
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
767
last-modified
Mon, 04 May 2020 16:11:49 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec5-6c8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WZVY1qilUl5x8iuCe5gTvkNJG%2BoHU9zGBpnRjTl8llXCMBPpa9uPQzfki0PjspIsgPwSuVmp7Aipjln0H%2F9PM7YF1USRVP52KHOEIiGVWgkO8Q557LFumWK53Npx3bEt1QJgSozWa%2F7M4C51L72cilSa"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8594687d5fa2aca9-TXL
expires
Tue, 11 Feb 2025 04:15:28 GMT
in.js
platform.linkedin.com/
510 KB
160 KB
Script
General
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::62 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f26854817a79fa7c13774fc75721bacf265577b7ca19a1ee9e716b37ade7fa9a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn-client-ip-version
IPV6
x-cdn
AZUR
x-cache
TCP_HIT
x-cdn-proto
HTTP2
x-fd-int-roxy-purgeid
28718918
content-length
163629
x-li-uuid
AAYR76n3spLhN63srTwrYQ==
x-li-pop
prod-lor1-x
vary
Accept-Encoding
x-azure-ref
20240222T041528Z-1tvscggzet2dz4rrste7z59av800000008hg000000002ms4
x-li-fabric
prod-lor1
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
x-li-proto
http/1.1
accept-ranges
bytes
expires
Thu, 22 Feb 2024 04:01:46 GMT
layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1708096377416/hubspot/hubspot_default/shared/responsive/
4 KB
2 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1708096377416/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6fd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-encoding
br
age
478774
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"fda5882b24ca5a84d04d090722dc713b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1708096378071
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:28 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD61-P1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
fca927be-f894-48f6-b1ab-8e40153f0588
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
176
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
fca927be-f894-48f6-b1ab-8e40153f0588
last-modified
Fri, 16 Feb 2024 15:12:59 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M7ewWSimoe%2FkjXeIjrKWtdhzIsUxl832XXfDHp0WuqhegSrJnm9UnVKxMeiSiHLSMW4RRZ3NfCzuNKMIcFOo914TrXIObmhXvW8HLzWxjx5XOOWlk577dy%2FuIv7eFI3Z%2F7nIbV22MXRKkMyd3dw%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-b79697d9-vsnvs
cf-ray
8594687d6d8c58d8-TXL
gradient.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/
120 KB
20 KB
Stylesheet
General
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/gradient.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
08deb5fb8e8a49d3e598cab0f6c178154648cd6234894569a0987812b19475f3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
GENWJPVVCXK3QCP6
x-evy-trace-route-service-name
envoyset-translator
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"336dca61498fc7140b09ba03ed7bf73f"
vary
origin, Accept-Encoding
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 6400936fc4525d1c60e3e8fee9d4806e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
Np0IHzSsaoWIRo2pA7QSOE6GTgUdVUIS
x-amz-cf-pop
IAD12-P2
x-cache
Miss from cloudfront
x-envoy-upstream-service-time
201
alt-svc
h3=":443"; ma=86400
x-amz-id-2
PlowqmtlfJeFXiKYNVo8zwM1rC140qCMqBnO+8hADkyUC0Sde0Kbpfereg2x1KxcovZlNWc1wRo=
x-request-id
0cf7dd18-fbae-4e23-a8c2-6000dbb6430e
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 02 Jan 2020 14:32:40 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z18vb%2Bb7QnkefH%2BU%2BpfKhfLywchoWvXoIdkMkNw33dP0Yw7G%2Fjb9zsVNgeCJ97GHqVzsxnX9MlMEpXGj6IOkE31DGRGfwB6OqBKgJ3h%2BD2jRz43jPqNCFFplJeEZxztJ3GRXVvc8QiCWWMea"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials
false
cf-ray
8594687d29ed44f8-TXL
x-amz-cf-id
lIvloC1HDKQ12h4RoWdjYkBu4-cxijAvAgfZleWkpJjgclAOBXuEgw==
template.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/
193 KB
34 KB
Stylesheet
General
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/template.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
92544ed57b172f513a507fe6d3e09d763bc23c413e47d110d8dc03ef896490dd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
57F9Z9E2DQBSXAQQ
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"c532cb73709fa483616feef093f4d595"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1693338323621
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 936f33bed45438343f0ef2adff442814.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
V4U7qS8p16YQ5afAoV9tdACdkHL_IvNE
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
542514f9-a94b-4424-83a6-747768922af6
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
276
alt-svc
h3=":443"; ma=86400
x-amz-id-2
DIj+BI/r4otdZGRTHcSeJ7K9Pl2G3LHK1Mg5a9xF+dn44LEiNE94kJ5D/CpPdF5OWWkW5T/o6to=
x-evy-trace-route-configuration
listener_https/all
x-request-id
542514f9-a94b-4424-83a6-747768922af6
last-modified
Tue, 29 Aug 2023 19:45:24 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pXQuH6gNdtRwNMkSoeq5Vj6l8mLm%2FGP56VVcSyUi2KprKMyVMW83l4cfJ30TRfi9RHC4nrne%2FnJyxN7Mj3qfXsAUM2Zci%2FiKwrvZvLl%2FZzuVTWyVKCPZtzMmaVdXE8z%2FLx1iGfO67URaEqH7"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-2p6jk
access-control-allow-credentials
false
cf-ray
8594687d29ee44f8-TXL
x-amz-cf-id
Mfht-zmAqXlfk7-XPjmxKTbLXPFeVb7N8CJMYz9khe4E5qreQGywgg==
animate.css
www.avanan.com/hubfs/website/code/css/vendor/
76 KB
6 KB
Stylesheet
General
Full URL
https://www.avanan.com/hubfs/website/code/css/vendor/animate.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8150a6e66442996f64560b128d0effe532ed5eabdf0a8c6176c8c4e8ed502e6f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 6f32a39163a1e36ace7a71a85e2d2884.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-10555715886,FD-10555825155,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
323299
x-amz-cf-pop
FRA56-P7
x-amz-request-id
4N0SYN9D37467M3D
content-encoding
br
edge-cache-tag
F-10555715886,FD-10555825155,P-1835778,FLS-ALL
cache-tag
F-10555715886,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id
DNimaXPyQx0q8PYRQbkCSZdSE0X.bmnJ
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
rK7vZ/Ckcnd8qzYfvVC8X4mIxGAQ1+CL0Zs3b802ZH74RHd0BWZiRXKk9AUQYz2zKNK8HIW4NhT3XjArkMtc2Q==
last-modified
Tue, 18 Jun 2019 07:24:00 GMT
server
cloudflare
etag
W/"d96b2083b0acbb11911bb4f068158299"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LCSiFldCuYqlw57Oq1mxKXqPoinzF3xWTU09hse%2BBnV%2BCXfINrfEh7QuSWq%2B6%2FgbWesmhEN9QQAyVsUhWEuPeuG8F6JnY2rtWJeMckVnhvXpsMLso8ecIbW4TKW%2BzZw7q0I08ykJ%2FmDoBGv7"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
8594687d29ef44f8-TXL
x-amz-cf-id
vxem2XCobTVEfdpgqPMsSdraOKDLVs9lFgk4OZgsJOnPVrqpdeLOJQ==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
hs.megamenu.css
www.avanan.com/hubfs/website/code/css/vendor/
4 KB
2 KB
Stylesheet
General
Full URL
https://www.avanan.com/hubfs/website/code/css/vendor/hs.megamenu.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4eed62e19ef261a18dade30aac09258399bbead589a04d061bce834f0d5a2bcd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 d34cf2ddbdf9774517330fee6a26e4b2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-10555715922,FD-10555825155,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
323299
x-amz-cf-pop
FRA56-P7
x-amz-request-id
12K92B43KZ6E3RRX
content-encoding
br
edge-cache-tag
F-10555715922,FD-10555825155,P-1835778,FLS-ALL
cache-tag
F-10555715922,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id
xY1xlt9wqfq8h7_kClSamJ0VluM_5ZF9
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
KyC6eIJhKDb7tGvs/mrJr76G/UnDG/XzefOWiwMkgatQIO7QSx3M6vHb0wg+/WsUdTHjuSSxlsM=
last-modified
Tue, 18 Jun 2019 07:24:00 GMT
server
cloudflare
etag
W/"c46d4ef35d114216ae8c0fe4137c84d5"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9nBiaF1VK4M%2BF9fz7azwj9aGq7on4doQrxVfU8ibF44kzBAxf%2Fn3TbHLhd2negsBCtT2SEyBDsqwE1jkDDuNKParzscT9UQn2ixETC9TBqKFAE6UAbjKBdqGSpeIeSek1JzvyKPmSb5oD9vs"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
8594687d29f044f8-TXL
x-amz-cf-id
tMl_crdY8xJU68i285J4tQ1DjWmFDERWzCArl0GD-l5KYCNAjyMrwQ==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
dzsparallaxer.css
www.avanan.com/hubfs/website/code/css/vendor/
19 KB
5 KB
Stylesheet
General
Full URL
https://www.avanan.com/hubfs/website/code/css/vendor/dzsparallaxer.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a62430c1506f9d9ecc0bca9ffa39a073d5148f07be4aa54ed4532f9650caf56a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 e326a777a9bfe8176dc149a172534f54.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-10555715948,FD-10555825155,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
476534
x-amz-cf-pop
WAW51-P4
x-amz-request-id
SWNRDR4YJJ7W0JBW
content-encoding
br
edge-cache-tag
F-10555715948,FD-10555825155,P-1835778,FLS-ALL
cache-tag
F-10555715948,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id
OQfzSS0e1XiUHyu7fgd1SQC64WCGDBlx
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
QIBMq7Dmo7NaKngFC0byhOyYMrtMF6lyLuAy7S/nK6caLFo4rlN8NBlx9PszpHdNWlvmTPzde4PTMjsZrXPdNvfV6sWCpss6mYukH3osEg4=
last-modified
Tue, 18 Jun 2019 07:24:00 GMT
server
cloudflare
etag
W/"319d193fcbeb97bbd3c83a72ee3dac65"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VpHJCANtFsTDV5XJq8MuGwsGMuxEZwpu0RrrFFE2aKOpQjDKSskOgBug7PI%2Bwg9q97dnCTs4c6j4xVpzBkHZrEH5TmLzhZAQ%2BE8Hw3H9mYs4LNnLUWZnDYW%2FEOes08H4c4heyx9sJFwTl%2FaY"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
8594687d29f144f8-TXL
x-amz-cf-id
SOVsv2syfwGVmJgny_qzYWVWGoXPV9__dxOun7ArWzl1WbAeRyi6qA==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
custombox.min.css
www.avanan.com/hubfs/website/code/css/vendor/
41 KB
5 KB
Stylesheet
General
Full URL
https://www.avanan.com/hubfs/website/code/css/vendor/custombox.min.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
deb3d40a52e939dc606cacea278753f149b56d19b6619994069659687e3a7728
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 df327bd0c8709a81ade8602ac9ef16e0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-12524627747,FD-10555825155,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
323298
x-amz-cf-pop
FRA56-P7
x-amz-request-id
M1PBCHP0R8EK2726
content-encoding
br
edge-cache-tag
F-12524627747,FD-10555825155,P-1835778,FLS-ALL
cache-tag
F-12524627747,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id
7rgoaYxL_.zq0Q9pSWvug18ufCSiqriy
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
3Cvdb++J8V3mLNcFIsQZfZQgUuHxks9H9UhIf1y53xSQmuGVu6devoqw5NRlJRiDq/n6p7iu3RoqSGo10UZrkHD6kWctVcOJPuj5PhsabGo=
last-modified
Thu, 29 Aug 2019 14:21:43 GMT
server
cloudflare
etag
W/"3546f0274dff535bcf97625374c1c7cf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GA%2FYGyqGB8YeBZjTxbPd3MeD9K%2B3AMwKX%2B1QzlPZWdGB%2FGFc0ky%2Bq9hj8vg2xE6GPgBs%2BdlfbtA6BAXzfBXUG3Ucgh0xnr7keT5YOEEQr%2BzgAn0zaoqXtp%2F6MvxDfeq3V3wd3PNDdiFj25Lf"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
8594687d29f344f8-TXL
x-amz-cf-id
90y-ALDzOYSMuW7HMny8UsIekGFeWLvWeNrWApE9dunMFvbDO1sn1g==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
theme.css
www.avanan.com/hubfs/website/code/css/
393 KB
55 KB
Stylesheet
General
Full URL
https://www.avanan.com/hubfs/website/code/css/theme.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf53806c2a4cef2c89a8502411683c83162fe73859d7d24244259e7e793df68a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-12350310726,FD-10555529544,P-1835778,FLS-ALL
age
323298
x-amz-request-id
KB6CY5D8STMM8056
x-amz-server-side-encryption
AES256
edge-cache-tag
F-12350310726,FD-10555529544,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"dd24981f95399e7f2d5674114004c268"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1566500436528
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 6e5ec1ef7875ec0751cb61200df7f212.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
.VuZQK18yvpctq7eWnfEjZ9JXuCTwHN5
x-amz-cf-pop
FRA56-P7
x-cache
RefreshHit from cloudfront
cache-tag
F-12350310726,FD-10555529544,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
Y7Hyll4vn4SR1FV2oDBl8Qs6jqQ0INEVEG5s2i/mkVuLFhKcxXRlmvMCIIbLZQ5Fr9I6BR1oQ1c=
last-modified
Tue, 29 Aug 2023 17:12:22 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oQWCbRRD2vOe91jOTkyM68lRFoon3%2FvgWei5EhpXO10A3NDThoW1vmsm1swpceCjWuQ1gX2prbOKeqGW389wHf8EoOXG4P1JDRai%2F48zM3fJKjMoAR7Djphwr%2F1%2Fk3YIxrDTsr32O%2FQ%2BUwWJ"}],"group":"cf-nel","max_age":604800}
cf-ray
8594687d29f444f8-TXL
x-amz-cf-id
EfeunHOdvJnHrbI2tkhRBIZVArUROuOprKApNHEMN3QEI_LAI4AlTg==
header-slim.css
www.avanan.com/hubfs/website/code/css/components/
84 KB
10 KB
Stylesheet
General
Full URL
https://www.avanan.com/hubfs/website/code/css/components/header-slim.css
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f54ad99ac9b8bf0271cc6d19132826863aa3dc7077b4d5c586f99c46130efb30
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-29822257866,FD-10639271059,P-1835778,FLS-ALL
age
323298
x-amz-request-id
V6TP0VYG9RDE5P9P
x-amz-server-side-encryption
AES256
edge-cache-tag
F-29822257866,FD-10639271059,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"b144dc1e3369574aa43f95d44261c80b"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1590586777336
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 6be461c5a9399007c1540eee90371674.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
42YSFG0lTWtnZ.W1lT05OT2Zcvw1os6c
x-amz-cf-pop
FRA56-P7
x-cache
RefreshHit from cloudfront
cache-tag
F-29822257866,FD-10639271059,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
alt-svc
h3=":443"; ma=86400
x-amz-id-2
0tq4BDc2c15WvGLtsNNwVFc1VrJqk9L6nqLg6D0E23bt2m83FwkTgNpK8K3G032HZD4lIRUhVSfLX+mvGXTiBUgWs7f0wFIW
last-modified
Fri, 08 Oct 2021 20:18:11 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YapH2Qw9XD9dRWzM%2BU5SWvi4loNQI%2FWpfPhCvtRNdxLEq1pKnbKLwXFCMX8cJFU2n6WDlwS1dw74F0KEDGpLIj%2Bt7fRnMm0%2FJ3rxeLMSE33k8Wz19hqmmG0U978ijHCjsyIoS6oF2GZHsO8R"}],"group":"cf-nel","max_age":604800}
cf-ray
8594687d29f544f8-TXL
x-amz-cf-id
a08pdcfIomNGNcFlsZRlzpVXK8fZFtlvEXLcrWaOcYoZRQASuXK8Bg==
css
fonts.googleapis.com/
5 KB
956 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Cabin:400,500,600,700&display=swap
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cab0bd7418905a8b7ac2510a8708b4bcb01af80459e20265582d4d96ae931c06
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 22 Feb 2024 04:15:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 22 Feb 2024 04:15:28 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 22 Feb 2024 04:15:28 GMT
How-Safe-Are-Your-Emails-featured.png
www.avanan.com/hubfs/website/img/infographics/
621 KB
622 KB
Image
General
Full URL
https://www.avanan.com/hubfs/website/img/infographics/How-Safe-Are-Your-Emails-featured.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8deb475ac50713a43d3cf93fb2579f1badda5b9dee5704850b032f0f25564895
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-52270339845,FD-10949243896,P-1835778,FLS-ALL
age
323287
x-amz-request-id
F7QKRYFT7G2QBGGX
x-amz-server-side-encryption
AES256
edge-cache-tag
F-52270339845,FD-10949243896,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="How-Safe-Are-Your-Emails-featured.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"c633bdada0f0b6b3a8ed9923b6fb540b"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1628160146967
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
.d7FqQt._o1Rnh6A1lokFj0_Ws48Edpl
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=866167
x-cache
RefreshHit from cloudfront
cache-tag
F-52270339845,FD-10949243896,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
alt-svc
h3=":443"; ma=86400
content-length
635542
x-amz-id-2
XVBQjnnsgAhS23S4ljb1v+CQ/bqCl1cWjJfFAXlAfeIWDR11w4Vh/2wxP1jAs1F8CjjeHvbHPq0=
last-modified
Thu, 05 Aug 2021 10:42:28 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bIuQc9DzwnXgqPHVJPaBwWAYum69zkbPosnr4OgYeGRJJKfCnPyHD6ZbAb1eTHtyBlZzYh7aewDv2lVlp0g3%2FvJZgvax%2BoUIpNDkUFxuiq8%2FnsBdYnJVrZrRRWm8e2vkgsBuoin%2B3LbmqG0N"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8594687d29f644f8-TXL
x-amz-cf-id
d-28Uga4KAA8MLvkJYJBFewTdYwI9sDsOd3OK28Zn-9s4l2Ap5w7GA==
av-cp-logo.png
www.avanan.com/hubfs/website/img/nav/
26 KB
28 KB
Image
General
Full URL
https://www.avanan.com/hubfs/website/img/nav/av-cp-logo.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a87eea0ed4667d6241611511e68dce431477cbd9a06c9482b01323d6a0b972f9
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-57079767617,FD-21136118110,P-1835778,FLS-ALL
age
146903
x-amz-request-id
EWD6VFTJWY5TD1NX
x-amz-server-side-encryption
AES256
edge-cache-tag
F-57079767617,FD-21136118110,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="av-cp-logo.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"54f8e06ea392f631745f18834b4f75fc"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1633720390182
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:28 GMT
strict-transport-security
max-age=31536000
via
1.1 93efd892a8e99dc59164afbee331cd56.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ihC_xVZudFnTMh6T1X7C3_Yl8xLb15Oa
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=45855
x-cache
RefreshHit from cloudfront
cache-tag
F-57079767617,FD-21136118110,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
alt-svc
h3=":443"; ma=86400
content-length
27014
x-amz-id-2
yOXh0WckueaqIlpkXtcNMZNHNq8onS4FY9tBerhZZu4pxfLVa8jQsjCSQDDitJo+o5qal4apOh8=
last-modified
Fri, 08 Oct 2021 19:13:11 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FePnXuqvpoBD3zK4EpK61l0dbAoFvBow3o%2FaHOa8QYFUyo6wtbwZ7%2FdTFf3IS6AGWH264qtB7qt6GZR%2BEvUSF6mqXkkXHI9xbZDvx2RU0GyQYM%2B24Yx7O43ZuJCzKieVEWw5ap1WBJAR7rFR"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8594687d29f844f8-TXL
x-amz-cf-id
A1W9afbwYe_dRnaDEpysGMYLNSE-oaAvMOMYm6jHtZ4CCQpXNWj6DA==
documentation.png
www.avanan.com/hubfs/website/img/nav/
868 B
2 KB
Image
General
Full URL
https://www.avanan.com/hubfs/website/img/nav/documentation.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e94bb9eafa09b4181f7208f1466552561329b27bc870ea785be1fbbeb32661d8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-21241301263,FD-21136118110,P-1835778,FLS-ALL
age
323287
x-amz-request-id
RC7CN42FP76TGVFB
edge-cache-tag
F-21241301263,FD-21136118110,P-1835778,FLS-ALL
content-disposition
inline; filename="documentation.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"f4d503cd55e042264b3bbd74f58ac560"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
V87Vzt5MSqkUDoZ5asBko88rN0wJ5iGd
x-amz-cf-pop
FRA56-P7
cf-polished
origFmt=png, origSize=3416
x-cache
Miss from cloudfront
cache-tag
F-21241301263,FD-21136118110,P-1835778,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
868
x-amz-id-2
ZBWn12MKZJPGxfnyMdIkzrNeOJrWmxC5f2QELyP5N04qD66A69eXIczrT6g3qBosY4tZuUkGTFI=
last-modified
Thu, 14 Nov 2019 20:20:22 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ziFuIohCNiTIntWRo2%2F6zc4YzEKplYDKOs9b%2BNDNHO5ch0y6LVwmCaOhYu7gdJNdZD9n30QSjLmbqDVVd%2FZd1ikjt5vM1qhR5ydmJJudePizvcX19k7s74hqg6WpVlJiwWPcczd7q3szxGt"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8594687e2ad244f8-TXL
x-amz-cf-id
3fXroGmMhLMAsbIrZCc5DeF0bx5kXjY11XqxbxVdfPodZWbEjE0J3Q==
open-ticket.png
www.avanan.com/hubfs/website/img/nav/
700 B
2 KB
Image
General
Full URL
https://www.avanan.com/hubfs/website/img/nav/open-ticket.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
03817f3f6505178f6f24ef977ac8cd844ba3427f0353759e41bea905c565020a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-21241291417,FD-21136118110,P-1835778,FLS-ALL
age
323286
x-amz-request-id
M1P9S0Q1MT8SB0T6
edge-cache-tag
F-21241291417,FD-21136118110,P-1835778,FLS-ALL
content-disposition
inline; filename="open-ticket.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"9034a241fdd02e0d9dc532075852965e"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
0c9cY9eUX.md23IeRyXXqhmeaLhfDOS6
x-amz-cf-pop
FRA56-P7
cf-polished
origFmt=png, origSize=3180
x-cache
RefreshHit from cloudfront
cache-tag
F-21241291417,FD-21136118110,P-1835778,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
700
x-amz-id-2
VK4FROpmxG5ygwKoeLJ0C+7kWFCS8cyogAQHNzmcOhGopz7wmYsP6ipcGPwzejKtLwhug9nexq0=
last-modified
Thu, 14 Nov 2019 20:20:22 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kZrPrJt5qgY9wKWTQACTUGBQvotdI4kbukoqISJCxiMuKy0pFs%2B1QIV%2Fc3riH4ePoYCXfB%2BTStYMUyP%2B1XTbjDZ5sNHg5cP%2BJAGH%2FFW2XtbhnDcjigAF5oqxZ94g3kqsspR8lrUCchjp1V9a"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8594687e2ad744f8-TXL
x-amz-cf-id
a9H4t2hYIuJGmTx64dGvRJunIY0pQw2Ju9ndxVMzd1PC7RRoX3UCmw==
jeremy_fuchs-1.png
www.avanan.com/hubfs/website/img/people/
1009 KB
1011 KB
Image
General
Full URL
https://www.avanan.com/hubfs/website/img/people/jeremy_fuchs-1.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c31f9221454873de9c5bc222c2b5c97f216d3b21b0a3589f77f49fbcacf4a0d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-27817468088,FD-26510702723,P-1835778,FLS-ALL
x-amz-request-id
6CA781XBWMRDYW56
x-amz-server-side-encryption
AES256
edge-cache-tag
F-27817468088,FD-26510702723,P-1835778,FLS-ALL
content-disposition
inline; filename="jeremy_fuchs-1.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"f708d6febff5bc6d07172bd7465dd726"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 e8763d44c4998cd590854aad30f4704e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
nQ.kuHwFXuupsUc1qfCvxdS2PMk7c1js
x-amz-cf-pop
VIE50-P1
cf-polished
origFmt=png, origSize=1632605
x-cache
RefreshHit from cloudfront
cache-tag
F-27817468088,FD-26510702723,P-1835778,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
1033412
x-amz-id-2
pe2BZyBTOY76+x2T8P+fbx2j5oOSEZdJJKU72EHMSQyhoxHo5O+pm/3X2e66WvPJr2ux/4ZfH3M=
last-modified
Tue, 31 Mar 2020 14:03:42 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1n9GiNbFRKJmd1Kk7L1vHBAKzre2gavU2ZgYbij6U8NyTiLrlulWB6lrq90Pn0vQ%2BThO3kDpFSjRsIhFcBBptolPdi12b92h6LpsIdmb%2B65Qf%2FRd53VP%2Fsho7K3uSxI41bSc1JGoPFEQLiUo"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8594687e8b1f44f8-TXL
x-amz-cf-id
qSxuZTUjpJwDuYAnKm0hzA7IH7oyuJ7e5OxYHfLIXQqN30IYy1tkLA==
Featured%20Images%20-%202023-03-17T145245.680.png
www.avanan.com/hubfs/
34 KB
36 KB
Image
General
Full URL
https://www.avanan.com/hubfs/Featured%20Images%20-%202023-03-17T145245.680.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
632aad1aced665736ec2c09c131e25fb0f8f2c8b50edd7eeeec9266d205f75de
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-106959300760,P-1835778,FLS-ALL
x-amz-request-id
FZH5W0HKA72CYC6Q
x-amz-server-side-encryption
AES256
edge-cache-tag
F-106959300760,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
"8184b39234a017d6f678641fc2737b90"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/png
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1679079201823
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 b2373cd296c22c460cd352ec0beb0b2c.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
FD_.4wqomlSFuIIhZZQPP7rxbu9HnHlf
x-amz-cf-pop
TXL50-P3
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-106959300760,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
35154
x-amz-id-2
8qJ9OV6ask6jD4r30wdMqP0yaGXIU/2dOLlrFZXyFF/H7aexBQZxr1NEAUGAVo7CEabU+0ZupKw=
last-modified
Fri, 17 Mar 2023 18:53:22 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=35JOBjNUzzCoZV6UkdCN9%2Fy2gUp4XvkNepp9Z5A41XYkTWzcsqSfXy6SMfC%2FO4AEd%2FKvAc5cOk6alZwpQ3UCXegCnX9kOBlLgRUa2z0xB6VJRjuKoZyPSCmI7m4MNPuyWHMiicl%2BIwA%2FHVsn"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8594687e8b3344f8-TXL
x-amz-cf-id
iG9h3pvRgQSPPDtmsMEya2bg9ZAeLfT_TmxBXAxYUHAKdbyuEBYcFw==
Featured%20Images%20-%202023-03-22T155358.792.png
www.avanan.com/hubfs/
32 KB
33 KB
Image
General
Full URL
https://www.avanan.com/hubfs/Featured%20Images%20-%202023-03-22T155358.792.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb3d44316a4c7bf68ca5d8bef0896c554f5264e57fc49bc7adc3f34636ee53ed
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-107570278950,P-1835778,FLS-ALL
x-amz-request-id
66P7SFMVB74SPVWA
x-amz-server-side-encryption
AES256
edge-cache-tag
F-107570278950,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
"6c151c92228713bdc2ea5328be6b4d04"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/png
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1679514847342
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 a0c77ad2e3f5bbf63535bc898f348e5a.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
cDB61xf7ybKRCVzSjW2LRtKDaTk5svv9
x-amz-cf-pop
TXL50-P3
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-107570278950,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
32311
x-amz-id-2
GF4tQ/tQQ6JOmuY2EVOi4gOc3Ru+g5FITc6Ig4R4C0OK0vWtdv3ZPPMQMZ2u50G4YgR1egbOYgc=
last-modified
Wed, 22 Mar 2023 19:54:08 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qdw9ighaM5mZAYWQQgrhKJF5YRMOgcwB3gcrZnp4OAd%2FH%2F%2F5oqdtbFN962oA0GO4dNcaJM1dAPI6UkAGfFP2pXZ4h9zmWmsTf53TvJ%2B2uKhUx4WJJyflEVL%2BnIExsqxtYIwH4eLOlryPHbRn"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8594687e8b3444f8-TXL
x-amz-cf-id
X1_5Db83mtQjPMsC_ZOU5CfWbe6J6eW0apQoBK7Iy-m_a71Ut7pNNw==
c953fa87-efa0-494e-9947-98ffe764fcd8.png
no-cache.hubspot.com/cta/default/1835778/
1 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1835778/c953fa87-efa0-494e-9947-98ffe764fcd8.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf6f2ddd3a93cfc831316931e733e85bfa4d344c33398e6c32115761bec7ba69
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:29 GMT
x-amz-version-id
null
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
Z8ZRACVKNVTCPGR0
x-amz-server-side-encryption
AES256
content-length
1111
x-amz-id-2
K7GTjFjDewE6I9M4yol88TNUNpWkVaePc3N1E9pQ9YWIgJ8UAALfiYb3hFAWmBLLFsdHIW+KvP8=
last-modified
Fri, 24 Jul 2020 18:46:48 GMT
server
cloudflare
etag
"af14e3eef5578014fe49b0f4a662ac5c"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uarcLafOX7fqUKuW3430mxGNpnmbAgskKdRZJskLumN2wznpkPOttHw0R6kD3%2BAcNW%2BPDZ2U%2BIKrXpNOKNgfhJ6wgZSCRCeIaCkbQwWObBNzD0ymRgYXNkemww9S2oeTvLS68RVR%2B6m8A7CnDVa7ig6o"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
8594687ecd2b58f6-TXL
current.js
js.hscta.net/cta/
18 KB
7 KB
Script
General
Full URL
https://js.hscta.net/cta/current.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d533 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db7d4517c08bd45d9c379997b693687663a2471c927810bdcac5a8772c68e741
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
age
126
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.258/bundles/current.js&cfRay=85528317d8c958f0-WAW
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"95737e927a3038e3528bc4fdd069fbeb"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
cta-embed-js/static-1.258/bundles/current.js
date
Thu, 22 Feb 2024 04:15:29 GMT
x-amz-version-id
D_jvS6jy9FLgzk8cWis5IHsS7l5vauMB
via
1.1 c0b0d7167cc2eb52d8d154aa7fc03a0a.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
eedf1355-6446-4c0c-9847-ab989c5fffc6
x-cache
Hit from cloudfront
cache-tag
staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
0
x-evy-trace-route-configuration
listener_https/all
x-request-id
eedf1355-6446-4c0c-9847-ab989c5fffc6
last-modified
Tue, 13 Feb 2024 11:42:13 UTC
server
cloudflare
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-748b697-t25qt
cf-ray
8594687ecf7b4534-TXL
x-amz-cf-id
xQR6JkLRon3gx9CVVYqNuhY_Qgj3vQ-hJHDlsW7G-nk-SCOW2vZztw==
widget.js
www.gartner.com/reviews/public/Widget/js/
9 KB
3 KB
Script
General
Full URL
https://www.gartner.com/reviews/public/Widget/js/widget.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
cefa070557861023a0cdcd01ac9b84d8212be8ab4461d82b051e5211edce1723

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:29 GMT
content-encoding
br
cf-cache-status
HIT
age
1036587
x-powered-by
Express
server-timing
dtSInfo;desc="1"
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Fri, 09 Feb 2024 09:41:33 GMT
server
cloudflare
etag
W/"23dd-18d8d3e64c8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=0
cf-ray
8594687ecece58d8-TXL
gsuitemsft.png
www.avanan.com/hubfs/website/img/blog/featured/
7 KB
9 KB
Image
General
Full URL
https://www.avanan.com/hubfs/website/img/blog/featured/gsuitemsft.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
38de6bc8c2c8a9406f81c95c8cf7e192ecf20c0d5de9afa0b83ede7954743120
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-45026721816,FD-11279853394,P-1835778,FLS-ALL
age
323278
x-amz-request-id
QPYVQDFWS3M03HTD
x-amz-server-side-encryption
AES256
edge-cache-tag
F-45026721816,FD-11279853394,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="gsuitemsft.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"c5f99be14ab21fa89a34782d0b9f750f"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1618341441362
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 6be461c5a9399007c1540eee90371674.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
y1EKZw9E0SZf_0qX54r5aDKCg2_.DZWl
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=17667
x-cache
RefreshHit from cloudfront
cache-tag
F-45026721816,FD-11279853394,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
alt-svc
h3=":443"; ma=86400
content-length
7612
x-amz-id-2
76oNnzG+adGVHSfLHjvbBYCZgRg/RjHR1OzefCEw4e7CxHEU0ml89hTJR2ZTLerY8gJDpuXFWEY=
last-modified
Tue, 13 Apr 2021 19:17:29 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dg8NQaEBi8ulRqWUbl8RipDu2CefrRjG2UMCxRUJzyaY0eB3xw9Vxn7Ln2%2FFP1x3OLbqwBE1sXqAoIPwv30hi0%2Fzq5fia9iVQ%2BS0FERkW8T90vEp7HLtufGNk%2F5rtAjuj8LsLyQp%2B50mc7Bz"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8594687e8b3544f8-TXL
x-amz-cf-id
EDpPRuRl14Q1uR3_eKI4xMJXabIeBkZ1xAK-aLaVI9wua79y6NqU8Q==
av-cp-logo-wht.png
www.avanan.com/hubfs/website/img/nav/
26 KB
28 KB
Image
General
Full URL
https://www.avanan.com/hubfs/website/img/nav/av-cp-logo-wht.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe5f4af17be162aaf3e1dadbc08fe06e678c87620a221b3fef8e2ca7a779986d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-58090235831,FD-21136118110,P-1835778,FLS-ALL
age
323278
x-amz-request-id
3VQB5A6F91MRR75K
x-amz-server-side-encryption
AES256
edge-cache-tag
F-58090235831,FD-21136118110,P-1835778,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="av-cp-logo-wht.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"6b25c756c0ec059c8b971ac07c1a44e2"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1634845767354
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
r2zJbm9CEK3FOJ9Q8VqLC35kT_FW.6aY
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=46170
x-cache
RefreshHit from cloudfront
cache-tag
F-58090235831,FD-21136118110,P-1835778,FLS-ALL
x-amz-meta-index-tag
all
alt-svc
h3=":443"; ma=86400
content-length
27120
x-amz-id-2
YNrSOevLFYQkFhIVx3xXW7d0O+RBrC6Z9rqvMKjgtEDwJ6z9l/5NY9c19uZScWkee4GbHYjRp3g=
last-modified
Thu, 21 Oct 2021 19:49:28 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GaKOPrHsqJdhAL6XWCmHNtywDvEe6xP1PPd6kzTC4sbhH8sGcreDi4ZPUE4mo%2BEe7rninZaT%2F3s%2BhwSfWmUQ6QmnnveEu68AcstyvdZ3Rao4gfLU%2FGRD%2B3fMjiTHufEWbCuAoPULG66TF8z3"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8594687e8b3644f8-TXL
x-amz-cf-id
IPWQIwbhRgWpO_AnFnH3kX0DS6EKyNS-VSp2gKPk8Zpz_JZ9Aq0edQ==
soc-2-cert.png
www.avanan.com/hubfs/website/img/icons/
27 KB
28 KB
Image
General
Full URL
https://www.avanan.com/hubfs/website/img/icons/soc-2-cert.png
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
49c8d692cb67ec3cc5b35e839c50c5c9eea05fe3ce82894eb02d22240554a0aa
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-24177175536,FD-10543955849,P-1835778,FLS-ALL
age
323277
x-amz-request-id
8Z6WFXJ5DVMFZ38V
edge-cache-tag
F-24177175536,FD-10543955849,P-1835778,FLS-ALL
content-disposition
inline; filename="soc-2-cert.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"2242d63f47a733e65cdebd6f3be3a08a"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 ca339b9e98820e424be1609317fd0314.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ENN2NKV.l.gZzdTLCJgVyrfErf7Uu3mK
x-amz-cf-pop
FRA56-P7
cf-polished
origFmt=png, origSize=44339
x-cache
RefreshHit from cloudfront
cache-tag
F-24177175536,FD-10543955849,P-1835778,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
27216
x-amz-id-2
Dd2BnxfpBkHQ9t8IfQcMX5oDVfAVwUefUqUfj3B0y61/C13Qq8q4lkOqI/LerdPlG8TN6QIbTW4=
last-modified
Wed, 08 Jan 2020 19:24:41 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uBmSa5NwQaVnNANXtd1nWoSxYSSsu1FFwtNUfOJ5oio3h5qia5vmO0kFuaefXAPAxkO4QD4cJ%2FctzoRR8otPVLDt1PjUyFwwDsHa1mZpZzq%2FpzyJHAOMGU6%2FdFg66rBpdn1W7hv5fHA58rrh"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
8594687e8b3844f8-TXL
x-amz-cf-id
xQopAUm56QCitQY3LA26PwFhqsakLzKEt1-VoVNI5jl8PNehsF1iGQ==
embed.js
static.hsappstatic.net/content-cwv-embed/static-1.388/
14 KB
6 KB
Script
General
Full URL
https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:4ffd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:29 GMT
x-amz-version-id
GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via
1.1 ec556e7b2261ec9453578c3e51f5214a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
WAW51-P3
age
682950
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 15 Aug 2023 19:48:57 GMT
server
cloudflare
etag
W/"8741985292d64b839be39c64b14f3783"
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FP0gOCqx0w6LeG5QK1xRE3BKP3KtXX4FT5H%2Bvy3BWWDISbpH6o%2BhokC58%2BijiNOGfhXKZtnhAz1Hg3m8JRVriMgD9WlOl27QlwBndJbuImeHGJxqofOTT8agn77MTD4C9xTLS4XZQfDfLp%2BPYY2radqPtbI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
8594687ecbc06a76-TXL
x-amz-cf-id
Pz5_7WasWN-ISGawE00PIJQkoJ94VrRPw2B5EdsLm5nltYy1CqUY5A==
expires
Fri, 21 Feb 2025 04:15:29 GMT
jquery.js
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6476923280/1577975561851/Custom/jacob_redesign/js/
142 KB
38 KB
Script
General
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6476923280/1577975561851/Custom/jacob_redesign/js/jquery.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
057d87ec0edbdb5fe7d60d32da4c3abfe1dc2e6a0aacd6543a5e9dabb7bbd21b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
BTQ7BRVV9G9PV5WM
x-evy-trace-route-service-name
envoyset-translator
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"58abfaae2dedf59326b2ea681f828a06"
vary
origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 7dc4818c830423900ae855831181d2b8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ebM6Jbr9unIlIJHsCtn.BkHxdP32W5Tn
x-amz-cf-pop
IAD89-C1
x-hubspot-correlation-id
71bfaf69-8185-401d-9285-55cf1db90e55
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
395
alt-svc
h3=":443"; ma=86400
x-amz-id-2
tPJsjS86R4RDRf2RNEjSsJqcpOhiW9+m+580iqNtTTXFcg5SV25mrRQWse9gd7/UgxRJ3oQ2ms0=
x-request-id
71bfaf69-8185-401d-9285-55cf1db90e55
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 02 Jan 2020 14:32:42 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pvAG53JseUKNez4OmyCtd%2FZBLHFxOcBcE6mFNh60goZchNrk4C5sM2fSWvoKhuKCq%2FkRCdO0sbu2VBtM%2FZKZBb3xFQS0TQusLSVXbTNAxH7Wj1gskSJh1GzmbhCgE5RF7RbWq%2B3ZnZ45728I"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-v96mf
access-control-allow-credentials
false
cf-ray
8594687e8b2044f8-TXL
x-amz-cf-id
0NQl_JJQXWibLmC5VxZbvn0U1eyH-PW_tUYLoPK48cH79Y082XtpkQ==
bootstrap.js
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073918834/1577975558617/Custom/jacob_redesign/js/
112 KB
22 KB
Script
General
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073918834/1577975558617/Custom/jacob_redesign/js/bootstrap.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
71577fb46a22fa031506bab9c5ddb4640e38ef10a1b4959a11288b41ce4b0757
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
JY37TF3662BFF3H9
x-evy-trace-route-service-name
envoyset-translator
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"d810a38ca2781735a27cba0625a027db"
vary
origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 d2e1e0faea045dae6d3b3de4549846ee.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
3IDp6mXhqSOlZQ4n6QKdC4Peyv0EBjJp
x-amz-cf-pop
IAD55-P1
x-hubspot-correlation-id
28635c1f-f887-453b-8863-a1bd92e3591f
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
167
alt-svc
h3=":443"; ma=86400
x-amz-id-2
b2g2FiTOenWhmyLC8p7eculxjiVtp+AhfZ63H/G6wOikTYsOiFYjFL7pRDcvhVP2/jAgdRst99A=
x-request-id
28635c1f-f887-453b-8863-a1bd92e3591f
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 02 Jan 2020 14:32:39 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FhTTCpnx%2BPpM7I5t%2Fps0kpocQLa4kRt4PFirZuf15xZ6Ku3xUR9pEni4DK04%2F1kCO0FNmI0Bk%2Bf26Dy11%2BADRwCqxpNVKJeUeGPqfao1UEt1iAwbH%2B5Fa9jK%2F4zj2OrWf5AOkW7LGPDw5VVh"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-2skps
access-control-allow-credentials
false
cf-ray
8594687e8b2244f8-TXL
x-amz-cf-id
Yvr8CyIh1JdzQfqJr2Tn2duVydCdCvdiDzHb0UAI3w3_GdvrsTOUGw==
plugins.js
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6084513730/1577975558722/Custom/jacob_redesign/js/
508 KB
119 KB
Script
General
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6084513730/1577975558722/Custom/jacob_redesign/js/plugins.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a82df3611c2166b9b9e824830c57bc09ef40860b9dc83fb2897b9a2a3ab0b98
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
FH7H64MNE9JRJEAD
x-evy-trace-route-service-name
envoyset-translator
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"c612fe430751a00bb8750c6601520596"
vary
origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 05c82d802dd7dc7f98fd5d5083d604ba.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
7fqlaiSrobvA_myCcLItYFNxElIoA1r6
x-amz-cf-pop
IAD61-P1
x-hubspot-correlation-id
bff122b2-0f6c-45df-8687-2abaaa1efccf
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
324
alt-svc
h3=":443"; ma=86400
x-amz-id-2
CDp0VFg0T7y0E/Y6vVpnxAARrNuTvEkz8+WuH+mYzpb3Tb6gAUfrhYWkpBFRtMFcdi8osZpD+Np3vvfQCKMOxaxsbCv1wk/n
x-request-id
bff122b2-0f6c-45df-8687-2abaaa1efccf
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 02 Jan 2020 14:32:39 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bu7C6i2nJuBS%2FwHE%2FTzCackgDT%2BG2eW1%2FqjhwAGJJDXhQeqDZcSV5D4%2BjJeUh9Q2%2FvRV3iXQmaM64Tfy47%2Brxb2BJ5gqT%2Bf4llh%2BG27v80LeC35baEv%2BN%2BzH7ceprdWXEefNzRl81DVnqKHs"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-7wfmg
access-control-allow-credentials
false
cf-ray
8594687e8b2344f8-TXL
x-amz-cf-id
vSgLcNKVP3TJeexaisNQBQPcV7yvoL369o47t_ICNsk76sYDTAtAQg==
module_11124227288_updated_blog_body.min.js
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298027233/
244 B
2 KB
Script
General
Full URL
https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298027233/module_11124227288_updated_blog_body.min.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b057f4707a4e3bbf69647a669ebc4dbf35a9b5b25864b5fc63162e71f58621c8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
QMP6D35E71W29CJT
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"cf3f93254ba12a90654162233cedfbcf"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1683298027233
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 8fc9659fc06389e49927f68638e9bc94.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
2vRBYqYBKn.Un2cVRgM_9kk_TDebYnrs
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
e2fb8580-2db1-4a6d-b52c-48d3ea39dd02
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
145
alt-svc
h3=":443"; ma=86400
x-amz-id-2
ZACg4BkGcTgh+mpiB5KitrRwZMsB6ozcjYK7LifWXQbuZ/+GcB1iO0t5SneMUHKJWfnHjsEXvMzH1/8ZvKn5Rg==
x-evy-trace-route-configuration
listener_https/all
x-request-id
e2fb8580-2db1-4a6d-b52c-48d3ea39dd02
last-modified
Fri, 05 May 2023 14:47:08 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cGryNBwswEPqtkOR6lfk37n59GNnFzHZQf%2FLpghnW4IMGFsxigSVuJldq%2BOqtoV5RhjgE%2Bk8aLVswVIlIAq4eV7%2BVYSuAjoiL0N14nwD6EBzbwv%2Bq%2BTlmdet7wZMpnDI%2FKlDuV5Mbhc6Qdqb"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-v96mf
access-control-allow-credentials
false
cf-ray
8594687e8b2444f8-TXL
x-amz-cf-id
IsFtEiJnlSDRVEXjaXGWldaMgVo9m32S4VmfQFPUxVUPd_iiWkiwRQ==
1835778.js
www.avanan.com/hs/scriptloader/
2 KB
1 KB
Script
General
Full URL
https://www.avanan.com/hs/scriptloader/1835778.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9872c2260cbdc6ccac904cdc6f83d8bb3ab47c89bbae1dd169e67c40e63fba92
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
f1d60f44-3497-466b-b5d9-a302a3f1add8
content-encoding
br
x-envoy-upstream-service-time
10
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
f1d60f44-3497-466b-b5d9-a302a3f1add8
last-modified
Wed, 21 Feb 2024 19:49:04 GMT
server
cloudflare
x-trace
2BAACC79BC818605C715A070F0CA2391D225D7A812000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.avanan.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-f7f4ffb8f-p5wnm
cache-control
public, max-age=90
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=83jQCs13p6vxm%2F2yw6HcLhQF0e0DVAF8Thxyht4uQ%2F8TYMDlAgdur4LlrpQX7kUVpjJ8gOUzQcMZoA%2B9jxcdgMWVZs9xnLj68RM2efTTX0ZOvKP4MLs3m0tq6gEoQrgg7XJlPhf1wuoKNWR3"}],"group":"cf-nel","max_age":604800}
cf-ray
8594687e8b3a44f8-TXL
expires
Thu, 22 Feb 2024 04:16:59 GMT
index.js
www.avanan.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/
11 KB
5 KB
Script
General
Full URL
https://www.avanan.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 58c4087ee7253768e2670cf3ebe54ce2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
7859774
x-amz-cf-pop
WAW51-P3
x-amz-server-side-encryption
AES256
x-amz-version-id
inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 21 Apr 2023 15:17:56 GMT
server
cloudflare
etag
W/"0bbd63c0750f141fd5cec04a9393647e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QbTfLp7WG0UEZ8rZbIwYBsvUKJiQhHK57rrp9hn1QDosMDvvEvcjXZJQpN2qIlNAjUJWv4ex35Qno1N2vTTrb4UGiUtVkmVrSdOdetGq7%2FshsR3drsQsslOeZ5QFbsZekh0oH48Cvk%2BmZ407"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
8594687e8b3b44f8-TXL
x-amz-cf-id
YwkGN7i7zm0Eu1GuH2hmAzF4eDviW_A27jkj3v7KqTzhRz5kt-Upcg==
expires
Fri, 21 Feb 2025 04:15:29 GMT
popper.js
www.avanan.com/hubfs/website/code/js/vendor/
80 KB
23 KB
Script
General
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/popper.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
94b9164549fba805d07a371447577e77ca7d335fb19f9eaf978209851969cf08
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 042fd4ca41bdb9d4d6e284c22463e308.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-11719670560,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
323294
x-amz-cf-pop
LHR3-C2
x-amz-request-id
WHNZ7GP7KY9JG5QX
content-encoding
br
edge-cache-tag
F-11719670560,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-11719670560,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
OME08B.rG6TRAJ7DDfxDoqg2ImFXjByx
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
OXfp3iaTZOBMPBLLLDPe2F+kwTTkhaAzum0nJD2HgkpgJySiSKk+bGLNYnw31X6mgEUIyJT3NyLlioiPrZUDBTQ6b81iboOuIDdGaPOwER8=
last-modified
Tue, 30 Jul 2019 21:08:51 GMT
server
cloudflare
etag
W/"18977fcc54cc90302580895825f739ec"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uTHvRf%2BCoSZgwjlgkKgcijUHzbobH4tA3sQH6%2F9sdnkeioQ2R2RoUK6IZj2wxsLrCQm%2B4BV1WRg%2BvE0RWOyS4CX2clFdqC0%2B%2B%2BbfC58H3BilX%2F2wdZ3GJxx28NHBZ20n7IQEv1iNsNzoxpb%2F"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
8594687e8b2544f8-TXL
x-amz-cf-id
mdH5R4BnrPdVzaBap6-ZbSHpN5jTn3vqgEj-UX3CHCfF6kJr1KsKRw==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
jquery-migrate.js
www.avanan.com/hubfs/website/code/js/
17 KB
7 KB
Script
General
Full URL
https://www.avanan.com/hubfs/website/code/js/jquery-migrate.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
56f9c5f99829774d0b2fbdcfd9750b617127e913afa0569afef6dfa22165659e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 4c0149793a766b424f3ddc1372e41924.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-10555716746,FD-10555648234,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
x-amz-cf-pop
WAW51-P4
x-amz-request-id
44J97YP9QWSKXHQE
x-amz-version-id
O.IWEvWv.S2HIJh2gVb3UjxcZN2zO5t0
content-encoding
br
edge-cache-tag
F-10555716746,FD-10555648234,P-1835778,FLS-ALL
cache-tag
F-10555716746,FD-10555648234,P-1835778,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
KintVhJa3q2Qa6MgzXFg2no0Q6a9tmthOOGExcLIuug6Bga7Ku3dasVNcgA0AaTHY4aXkoKYfxQonPapolu+itsPyQRQs1+PYJ+hvZeozw8=
last-modified
Tue, 18 Jun 2019 07:39:43 GMT
server
cloudflare
etag
W/"e16bb3f1cf4b40a9e4de0cf7d4950cb3"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x8d5POcFNs0qVc6Aejfc%2FIhUOxFWVBLudH91wEQOpB0jDwzd%2F7pfZyMlpzP90NZe1k%2FeIDY9hAIpSdDwRtPNF7lTftldSqDn2sRe6BP1p6ataosmFKEsKc5SkL65nLPkMl9XsTqtaEoliyr7"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
8594687e8b2644f8-TXL
x-amz-cf-id
GKMkgvyrx_LE3YNq-VCos_Dg76RJDgNoJ-v_hE3htZHCdfOp7Cjpow==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
hs.megamenu.js
www.avanan.com/hubfs/website/code/js/vendor/
22 KB
6 KB
Script
General
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/hs.megamenu.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3640c9e176b212640e5d1ba0e522d80ebe382b5a18fc55ae4f7be28d1b138be
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 07b994ddf00f39c9e5b18a963a695fd4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-10555716444,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
323292
x-amz-cf-pop
LHR3-C2
x-amz-request-id
WHNQRMERBYVM424P
content-encoding
br
edge-cache-tag
F-10555716444,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-10555716444,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
Tr8ZpL3KcSID6jBFr2cCd_jZ2gEqr8QS
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
ykVUckv5cCCSMMMDkmxsh1pWl+zF1OX9Lel93DORd+uQB0jk6COH5vVQlrijSXqoa1Ut6lQ0B/A=
last-modified
Tue, 18 Jun 2019 07:33:15 GMT
server
cloudflare
etag
W/"26676e58c4eb0c77a8d2c99b4bd1ad43"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aFPH6ALMliZoeOZhvKmTtnFxn3RNMdYcmOYUw5sCSV4XDUoTHtN162evdndX53Ism%2FGd5h2Bf3zpvJT4MQbaNAfXvWE2eLiUkdX%2BHfboRMX3rC8xm%2BGKgW8a0E0xL0efTmXTICRhwJ0fNJ5Y"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
8594687e8b2944f8-TXL
x-amz-cf-id
kjF53pTeNParlR7Eqp9qYZu0wL1tRKXfWGgRIKvBf1kw5Zo8Dw67XA==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
custombox.min.js
www.avanan.com/hubfs/website/code/js/vendor/
15 KB
5 KB
Script
General
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/custombox.min.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddd0af87d02bf88046acaf36141538c4852763b37b99ad5ea41ab6b07829818f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 1cab6471cfd97c9e331bb21f4503b0fe.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-12524627223,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
323290
x-amz-cf-pop
LHR3-C2
x-amz-request-id
EVRY0TCSY72SJB36
content-encoding
br
edge-cache-tag
F-12524627223,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-12524627223,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
Tm64yWHx4y9EpRwZ0oVdBIU91wzQQVgx
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
UbXt+9e0KHYr+Fd0N8EBaSOu0FGabXipLCE066nZVVLlJ9r6U+sxNT0QiYZFzQPV6S+RIYdEggI=
last-modified
Thu, 29 Aug 2019 14:19:27 GMT
server
cloudflare
etag
W/"a99f3446cf6471542e7b5103c1e0ad26"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ExkJO1urBbT7y5i41H0z4mZaHktcBJ5urnhqRlnGWG9614Pi%2B5kh67CrCcDNzGVbSI2NXikgBVXsCHylbuyjt4dMNROujmopysuwOe8xheA0E8e1WEcuLDEJwzk%2Fb2S7HzPlaCtEganLPig5"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
8594687e8b2a44f8-TXL
x-amz-cf-id
QKpCkPXD5eovfiw8m3s17_4YG66IbMfp8Lofmozod5PvhQFzDCa2yw==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
custombox.legacy.min.js
www.avanan.com/hubfs/website/code/js/vendor/
102 KB
36 KB
Script
General
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/custombox.legacy.min.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b4c6df43d8be2860c107af980f4ae9c27dea1b14e0112921c3aef511bb29b07
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 4a0b7683a1d33d6d186965e831f2de96.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-12524756578,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
323290
x-amz-cf-pop
FRA56-P7
x-amz-request-id
2X2QP80B98XTSR4V
content-encoding
br
edge-cache-tag
F-12524756578,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-12524756578,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
CNtvX5bcEOKz8jLqkiPSkGvNd2dpptBk
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
PGINzYQJ/gB2OVF8SSXsfZnwUkFIzQN+mABK0dx7+JzE91iHqO4tQOa/PhqeC7SmVz3m5p+kEm0=
last-modified
Thu, 29 Aug 2019 14:19:27 GMT
server
cloudflare
etag
W/"626f9c989ad909171b9c7e56dccfadd0"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=64TySVF0oXM0GbKTD7jsEDX4oFDGfvpe2sLRE3Oko2%2BS15ljj4NMf4jGadQuDKwBxl9gBs0bl8O5qiA%2FagAImOfOrrnoxPQ87yH%2BDENoFUUSquN2TqaQ5ad%2FPIJq5NhueZkeGi4Sw1G6ehxv"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
8594687e8b2b44f8-TXL
x-amz-cf-id
5DMm3h-UDanOk2zYkDycygbudekXYwValKvxOedmEjeoOoxa1iTEyg==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
hs.core.js
www.avanan.com/hubfs/website/code/js/vendor/
4 KB
2 KB
Script
General
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/hs.core.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
87d6c8ca2c4746ba9c42bd4b56b9f8dcb23dc4f4c8a5e338039a915eddbb4cfb
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 78720628b37ebf3e33c42dc098252ee8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-10555648509,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
323289
x-amz-cf-pop
FRA56-P7
x-amz-request-id
03EEWVDHKJ2BZ81X
content-encoding
br
edge-cache-tag
F-10555648509,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-10555648509,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
t39fon58.c8wnVn0KiTmU6Cnt0f.z3k5
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
+6cEOT6wqHNI0loxTYLiAiHB62pv1BD5C59mkOVEHobNt4oHMMaYoghP4i+xm9ZnV6q5VpJ8qmM=
last-modified
Tue, 18 Jun 2019 07:35:47 GMT
server
cloudflare
etag
W/"ad96a1d08e41474de9b172376ad8f2a6"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HoO1DHcD3%2FfST0Ek%2FEkaFRam7IwDjF0HZ9DqZLTsyBrAk7UG2i2yEmROyv1Fv6XH%2FA6kz0uFHIAEikryO5xoKNe5LJ9yydiB6eFEphQy%2Fnv1hTJrGAoWRuhQaa3qW4uJuO6H6pCzwPihUsLa"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
8594687e8b2c44f8-TXL
x-amz-cf-id
NVtgZrhzVr91WYEPI_imw8zy1EF2P5SoXD0wT3_6cls8Hb1n_G6Xog==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
hs.header.js
www.avanan.com/hubfs/website/code/js/vendor/
45 KB
6 KB
Script
General
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/hs.header.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
327f498e13e0a8166699d8d770f3806775c2707dd893d18f0139b84b0b9d8576
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 a4f3f56409fe4e0b42683dc15dd52ef8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-10658801982,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
146904
x-amz-cf-pop
ZRH50-C1
x-amz-request-id
MTY9N6E48Y5X5WTK
content-encoding
br
edge-cache-tag
F-10658801982,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-10658801982,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
sLoBYokxi8ZRjPnVZWHiocCdDukS9g6O
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
6ZBJpCinp+D+gF59DoWBBRqtVU5NVVOnY7ipznz4dRsAs3nAhB9TcJLWGy0dIMtfAi8mmUIai9FhB0qy9TsPgg==
last-modified
Fri, 21 Jun 2019 15:22:17 GMT
server
cloudflare
etag
W/"da8e6062fc6df06d66405f3894ac0090"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AjxD0sioVXFgiGjiyknTIDLZHtYGwbvAbNU4Eiz2KO0xqG3Bulho6VCmij9JbFgu%2FO%2BLz6aBOG6Z1tjIDatE36nvtF3Bc%2FlLwONsmxqQ8yHTdnnLwG32xxSGPh1TAsEdp7NsUpjzvHZjEoy1"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
8594687e8b2f44f8-TXL
x-amz-cf-id
F082V_N9HXgKbevc8YLf6o5hztWTQ00UN4AudR51OZkhNW-GtdDCtA==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
hs.unfold.js
www.avanan.com/hubfs/website/code/js/vendor/
16 KB
4 KB
Script
General
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/hs.unfold.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd6aef7e70901bd5018e23bf8f366b1363e27c9263a2e058df2ca725cf81aab5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 b8f7ec2a292687370773a41cd1bdc97a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-12349469375,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
146904
x-amz-cf-pop
MXP64-C2
x-amz-request-id
TXXBTQTTYPWM6WPF
content-encoding
br
edge-cache-tag
F-12349469375,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-12349469375,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
jtHI_y0b8Eo2FGwKdP6LEhiHSwPKnVW3
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
jB+X/BFZYr+SbmJCrnnm/UYqd3wrNYAFtncH6bh9uCd0E+p/hAerOSLH1Ph0/e4L0Oc2mel0cq0=
last-modified
Thu, 22 Aug 2019 18:14:11 GMT
server
cloudflare
etag
W/"cd7294af40bf5e701ac6f8cca4a7ebcc"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2iLwM24OmI91eEr7VQ7LmEEcI96flaBWftTMdgUntmt70PbrclzBpqwDVR3OfCSy095jXbDHy51s777J9UpNvYUA8MK9y7oKXVKuLsr3UTVXlssXqDEhSJ9Sd0CybtwHPyXVnsepufeIc7J%2F"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray
8594687e8b3044f8-TXL
x-amz-cf-id
8NrtjO-2FJ-YPR0fg1nQHv8FiDi4ZFIS4VxcgUgpiTdE4xK9X8uC1w==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
hs.slick-carousel.js
www.avanan.com/hubfs/website/code/js/vendor/
13 KB
4 KB
Script
General
Full URL
https://www.avanan.com/hubfs/website/code/js/vendor/hs.slick-carousel.js
Requested by
Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
081d08f71fb7a07fd5247ce2d20af91a41899fd4ee1b129c18fedf8a04b5bbae
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20IB-OB%20Ransomware%20APAC%202%2F13%20-%20FY24&utm_medium=email&_hsmi=293972812&_hsenc=p2ANqtz-8N7HGOoV6r3jxtmhOPYEnLJZJNtoWNn8eN-ZEXfji75HxEW1gbx3x_dmmQCXMMgRu-g5soi8Lg7JZie5iWmgFiAzIzEQ&utm_content=293972812&utm_source=hs_automation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 04:15:29 GMT
strict-transport-security
max-age=31536000
via
1.1 0b1e5aac6efcb57a0edb60d436bf6c02.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-12709649959,FD-10555825718,P-1835778,FLS-ALL
content-security-policy
upgrade-insecure-requests
age
476534
x-amz-cf-pop
WAW51-P4
x-amz-request-id
JQK7VX821FV372JS
content-encoding
br
edge-cache-tag
F-12709649959,FD-10555825718,P-1835778,FLS-ALL
cache-tag
F-12709649959,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id
47mSAiAgQ_ZLSqVaPMk.x.DaEXQJE5Q1
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
x-amz-id-2
c1Caag1NRNA1OMyeqGtn+w9S9aSrUTQJrN1Bd8ryWzRv6RGyXN0qVk80hv/FmMnfBCukYNP+Iok=
last-modified
Thu, 05 Sep 2019 14:38:09 GMT
server
cloudflare
etag
W/"333f5cba208ba8133a37ded8fbd1d4df"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rF3W%2BVjJlvmLddNzvL1AVm58oBasBoF3SaguKRS7PbJHOj28pdaQjMupu%2BzciQwpkfJWkRt%2FSPwuB1JVYteJ32a8ii42HTb6QLrqbMmFZ5j3WSH4yVDs08qh6tiW3luU2S9z0jcZnTY6wSER"}],"group":"cf-nel","max_age":604800}
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cf-ray