URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Submission: On November 01 via manual from SG — Scanned from SG

Summary

This website contacted 44 IPs in 6 countries across 29 domains to perform 127 HTTP transactions. The main IP is 65.0.79.182, located in Mumbai, India and belongs to AMAZON-02, US. The main domain is www.menlosecurity.com.
TLS certificate: Issued by R10 on October 11th 2024. Valid for: 3 months.
This is the only time www.menlosecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 65.0.79.182 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
24 104.18.160.117 13335 (CLOUDFLAR...)
6 104.17.71.206 13335 (CLOUDFLAR...)
1 13.35.212.110 16509 (AMAZON-02)
5 2404:6800:400... 15169 (GOOGLE)
1 2600:9000:223... 16509 (AMAZON-02)
12 34.96.102.137 396982 (GOOGLE-CL...)
2 74.125.24.99 15169 (GOOGLE)
11 23.44.4.160 20940 (AKAMAI-ASN1)
1 151.101.20.157 54113 (FASTLY)
1 108.156.133.37 16509 (AMAZON-02)
1 2403:e800:e80... 4637 (ASN-TELST...)
2 57.144.144.128 32934 (FACEBOOK)
2 23.15.110.65 16625 (AKAMAI-AS)
6 35.83.31.139 16509 (AMAZON-02)
1 13.33.30.93 16509 (AMAZON-02)
1 2600:9000:21f... 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 74.125.24.154 15169 (GOOGLE)
2 2404:6800:400... 15169 (GOOGLE)
4 2404:6800:400... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
1 172.217.194.157 15169 (GOOGLE)
2 2404:6800:400... 15169 (GOOGLE)
4 6 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
2 34.111.208.231 396982 (GOOGLE-CL...)
1 192.28.147.68 15224 (OMNITURE)
1 108.157.254.81 16509 (AMAZON-02)
2 2a03:2880:f34... 32934 (FACEBOOK)
1 172.66.0.227 13335 (CLOUDFLAR...)
1 104.244.42.131 13414 (TWITTER)
4 108.156.133.27 16509 (AMAZON-02)
1 151.101.2.109 54113 (FASTLY)
1 2404:6800:400... 15169 (GOOGLE)
2 35.245.208.72 396982 (GOOGLE-CL...)
1 103.43.90.54 29990 (ASN-APPNEX)
1 2600:1413:a00... 20940 (AKAMAI-ASN1)
2 13.33.30.84 16509 (AMAZON-02)
3 104.18.37.212 13335 (CLOUDFLAR...)
2 75.2.108.141 16509 (AMAZON-02)
2 104.16.117.43 13335 (CLOUDFLAR...)
127 44
Apex Domain
Subdomains
Transfer
25 website-files.com
cdn.prod.website-files.com — Cisco Umbrella Rank: 6168
2 MB
14 6sc.co
j.6sc.co — Cisco Umbrella Rank: 5626
c.6sc.co — Cisco Umbrella Rank: 6951
ipv6.6sc.co — Cisco Umbrella Rank: 5794
b.6sc.co — Cisco Umbrella Rank: 3611
eps.6sc.co — Cisco Umbrella Rank: 11869
24 KB
14 visualwebsiteoptimizer.com
dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 2896
r1.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 55253
216 KB
7 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 321
www.linkedin.com — Cisco Umbrella Rank: 646
px4.ads.linkedin.com — Cisco Umbrella Rank: 6828
4 KB
7 hushly.com
hubfront.hushly.com — Cisco Umbrella Rank: 69804
app.hushly.com — Cisco Umbrella Rank: 84054
392 KB
7 menlosecurity.com
www.menlosecurity.com
info.menlosecurity.com
96 KB
6 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 42
td.doubleclick.net — Cisco Umbrella Rank: 192
stats.g.doubleclick.net — Cisco Umbrella Rank: 136
3 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
438 KB
4 fullcircleinsights.com
st.fullcircleinsights.com — Cisco Umbrella Rank: 111989
4 KB
4 google.com
www.google.com — Cisco Umbrella Rank: 3
analytics.google.com — Cisco Umbrella Rank: 147
64 B
3 zi-scripts.com
js.zi-scripts.com — Cisco Umbrella Rank: 5671
4 KB
3 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 25487
ibc-flow.techtarget.com — Cisco Umbrella Rank: 23670
2 KB
3 driftt.com
js.driftt.com — Cisco Umbrella Rank: 6590
62 KB
2 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 4482
2 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 34
21 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 113
3 KB
2 google.com.sg
www.google.com.sg — Cisco Umbrella Rank: 13716
562 B
2 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 3657
7 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 180
76 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 877
script.hotjar.com — Cisco Umbrella Rank: 1177
61 KB
2 cloudfront.net
d3e54v103j8qbb.cloudfront.net
d2i34c80a0ftze.cloudfront.net
41 KB
1 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 479
705 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30
1022 B
1 vimeocdn.com
extend.vimeocdn.com — Cisco Umbrella Rank: 11454
6 KB
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 962
393 B
1 t.co
t.co — Cisco Umbrella Rank: 859
628 B
1 mktoresp.com
281-owv-899.mktoresp.com
318 B
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 784
14 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 960
16 KB
127 29
Domain Requested by
25 cdn.prod.website-files.com www.menlosecurity.com
cdn.prod.website-files.com
12 dev.visualwebsiteoptimizer.com www.menlosecurity.com
dev.visualwebsiteoptimizer.com
8 b.6sc.co
6 app.hushly.com www.menlosecurity.com
app.hushly.com
6 info.menlosecurity.com www.menlosecurity.com
info.menlosecurity.com
5 px.ads.linkedin.com 3 redirects snap.licdn.com
5 www.googletagmanager.com www.menlosecurity.com
www.googletagmanager.com
4 st.fullcircleinsights.com d2i34c80a0ftze.cloudfront.net
3 js.zi-scripts.com www.menlosecurity.com
js.zi-scripts.com
3 td.doubleclick.net www.googletagmanager.com
3 js.driftt.com www.menlosecurity.com
js.driftt.com
2 ws.zoominfo.com js.zi-scripts.com
2 eps.6sc.co j.6sc.co
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 r1.visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com
2 www.facebook.com www.menlosecurity.com
2 ibc-flow.techtarget.com trk.techtarget.com
2 www.google.com.sg www.menlosecurity.com
2 analytics.google.com www.googletagmanager.com
2 googleads.g.doubleclick.net www.googletagmanager.com
2 munchkin.marketo.net www.menlosecurity.com
munchkin.marketo.net
2 connect.facebook.net www.menlosecurity.com
connect.facebook.net
2 j.6sc.co www.googletagmanager.com
j.6sc.co
2 www.google.com www.googletagmanager.com
www.menlosecurity.com
1 ipv6.6sc.co j.6sc.co
1 c.6sc.co j.6sc.co
1 secure.adnxs.com j.6sc.co
1 fonts.googleapis.com info.menlosecurity.com
1 extend.vimeocdn.com www.googletagmanager.com
1 analytics.twitter.com www.menlosecurity.com
1 t.co www.menlosecurity.com
1 script.hotjar.com static.hotjar.com
1 281-owv-899.mktoresp.com munchkin.marketo.net
1 px4.ads.linkedin.com www.menlosecurity.com
1 www.linkedin.com 1 redirects
1 stats.g.doubleclick.net www.googletagmanager.com
1 trk.techtarget.com www.menlosecurity.com
1 d2i34c80a0ftze.cloudfront.net www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 static.hotjar.com www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 hubfront.hushly.com www.menlosecurity.com
1 d3e54v103j8qbb.cloudfront.net www.menlosecurity.com
1 www.menlosecurity.com
127 44
Subject | Issuer | Validity | Valid
www.menlosecurity.com | R10 | 2024-10-11 - 2025-01-09 | 3 months
prod.website-files.com | WE1 | 2024-10-21 - 2025-01-19 | 3 months
info.menlosecurity.com | Cloudflare Inc ECC CA-3 | 2024-02-29 - 2024-12-31 | 10 months
*.cloudfront.net | Amazon RSA 2048 M01 | 2024-07-30 - 2025-07-03 | a year
*.google-analytics.com | WR2 | 2024-10-07 - 2024-12-30 | 3 months
*.hushly.com | Amazon RSA 2048 M02 | 2024-09-16 - 2025-10-13 | a year
*.visualwebsiteoptimizer.com | Starfield Secure Certificate Authority - G2 | 2024-06-29 - 2025-07-31 | a year
*.google.com | WR2 | 2024-10-07 - 2024-12-30 | 3 months
6sc.co | R10 | 2024-09-23 - 2024-12-22 | 3 months
ads-twitter.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-06-25 - 2025-06-24 | a year
*.hotjar.com | Amazon RSA 2048 M03 | 2024-05-22 - 2025-06-20 | a year
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-12-13 - 2024-12-12 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-08-10 - 2024-11-08 | 3 months
*.marketo.net | DigiCert TLS RSA SHA256 2020 CA1 | 2023-12-08 - 2024-12-11 | a year
drift.com | Amazon RSA 2048 M03 | 2024-07-30 - 2025-08-27 | a year
trk.techtarget.com | WE1 | 2024-09-20 - 2024-12-19 | 3 months
*.g.doubleclick.net | WR2 | 2024-10-07 - 2024-12-30 | 3 months
*.doubleclick.net | WR2 | 2024-10-07 - 2024-12-30 | 3 months
*.google.com.sg | WR2 | 2024-10-07 - 2024-12-30 | 3 months
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-10-14 - 2025-04-14 | 6 months
ibc-flow.techtarget.com | WR3 | 2024-10-24 - 2025-01-22 | 3 months
*.mktoresp.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-08-15 - 2025-09-15 | a year
t.co | E5 | 2024-09-28 - 2024-12-27 | 3 months
*.twitter.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-10-02 - 2025-10-01 | a year
aws-st.fullcircleinsights.com | Amazon RSA 2048 M02 | 2024-05-28 - 2025-06-25 | a year
*.vimeocdn.com | GlobalSign Atlas R3 DV TLS CA 2024 Q3 | 2024-09-24 - 2025-10-26 | a year
upload.video.google.com | WR2 | 2024-10-07 - 2024-12-30 | 3 months
*.adnxs.com | GeoTrust ECC CA 2018 | 2024-02-14 - 2025-03-16 | a year
zi-scripts.com | WE1 | 2024-09-22 - 2024-12-21 | 3 months
eps.6sc.co | Amazon RSA 2048 M03 | 2024-08-30 - 2025-09-29 | a year
zoominfo.com | E5 | 2024-10-12 - 2025-01-10 | 3 months

This page contains 8 frames:

Primary Page: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Frame ID: BD24B65244BC36823C0BFD59001996D2
Requests: 111 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.menlosecurity.com
Frame ID: 07DD836D67BA27D6458282FEE38E528E
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/10976805707?random=1730430595831&cv=11&fst=1730430595831&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4au0v899189876z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: 5D04404375FD46D87F585187E78A46E3
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/684820168?random=1730430595903&cv=11&fst=1730430595903&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4au0v9172607130z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&rdp=1&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: 72511526DB7FBB5A78CD645E13339B82
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-C2G0PCSJKE&gacid=1219144783.1730430596&gtm=45je4au0v868642232z8830118234za200zb830118234&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629&z=1193359782
Frame ID: 20CE8C4BD5C0AE58857B10D62F52087B
Requests: 1 HTTP requests in this frame

Frame: https://info.menlosecurity.com/index.php/form/XDFrame
Frame ID: D1AE7CA0F417B223A227F6DF10595B69
Requests: 2 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=trrsm2wf4gwm&eId=trrsm2wf4gwm&region=US&forceShow=false&skipCampaigns=false&sessionId=2d4ea392-bc5d-4fd9-8afb-19749a071cc3&sessionStarted=1730430598.575&campaignRefreshToken=defcd868-7aa1-435d-9f0e-8f882aa117ba&hideController=false&pageLoadStartTime=1730430595520&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Frame ID: D7F95DD1241AC46CA0B5F9A493C91349
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1730430595520
Frame ID: 83BA61AEB896AC82C3538722F438A634
Requests: 1 HTTP requests in this frame

Page Title

Google Drawings and WhatsApp Zero-hour Open Redirection Phish exposed - Blog | Menlo Security

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 127
HTTPS: 95 %
IPv6: 33 %
Domains: 29
Subdomains: 44
IPs: 44
Countries: 6
Transfer: 3909 kB
Size: 9628 kB
Cookies: 46

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 58
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D474058%26time%3D1730430596150%26li_adsId%3Ddf8b3ca6-3ddb-4236-b760-bee21d6b4ac5%26url%3Dhttps%253A%252F%252Fwww.menlosecurity.com%252Fblog%252Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&cookiesTest=true&liSync=true&e_ipv6=AQKlrGP3uxtt3AAAAZLls3fqGp13YJ7l-e0vChLslSpKNi8L6Eq-nqnOGtL88eBf5xdVEUY2kp67

127 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
www.menlosecurity.com/blog/
83 KB
21 KB
Document
General
Full URL
https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
65.0.79.182 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-65-0-79-182.ap-south-1.compute.amazonaws.com
Software
/
Resource Hash
47566672ca066e450f97e2cde56cf0ca496b2c001f0d8b62673f60c2686cc748
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
HIT
cf-ray
8db8b054ea353194-BOM
content-encoding
gzip
content-security-policy
frame-ancestors 'self'
content-type
text/html
date
Fri, 01 Nov 2024 03:09:55 GMT
last-modified
Thu, 31 Oct 2024 22:10:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
surrogate-control
max-age=432000
surrogate-key
www.menlosecurity.com 6536e5317bf92f62050c3585 pageId:65cfa4568060d2df213d5425 65cfa4568060d2df213d52e1 65cfa4568060d2df213d5302 65cfa4568060d2df213d5326 65cfa4568060d2df213d5368 65cfa4568060d2df213d52e1
vary
Accept-Encoding
x-cluster-name
ap-south-1-prod-hosting-red
x-content-type-options
nosniff
x-frame-options
DENY
x-lambda-id
6d736d87-88e8-4f06-ac39-0e7ef2fc93c5
164 KB
165 KB
Font
General
Full URL
https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6536ffc6d42c74fdfbff0fc4_Roboto-Regular.ttf
Requested by
Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e147ab64b9fdf6d89d01f6b8c3ca0b3cddc59d608a8e2218f9a2504b5c98e14

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.menlosecurity.com
Referer
https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css

Response headers

access-control-max-age
3000
cf-cache-status
HIT
etag
"8a36205bd9b83e03af0591a004bc97f4"
x-amz-version-id
05LPmbO2M9nNQswHGx2VlZpg6J3t6zB8
access-control-allow-methods
GET, HEAD
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
application/x-font-ttf
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Fri, 01 Dec 2023 10:22:22 GMT
x-amz-id-2
ZFjTNIhuyuv3Ybj/FdLtVeU+/PL5vcnAn4Z30lTyLhvq2MSPa/TWBcVsHk3z0C6hWCNWnrNJYF4r8HZqa+YigLq8Zt9xlGYcWtctiSQQUTc=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
FJ5WREYHK63CSBJT
cf-ray
8db8b056acae5dd9-HKG
accept-ranges
bytes
access-control-allow-origin
*
content-length
168260
server
cloudflare
x-amz-server-side-encryption
AES256
6536ffc61a22f00ee539de31_Roboto-Italic.ttf
cdn.prod.website-files.com/6536e5317bf92f62050c3585/
167 KB
167 KB
Font
General
Full URL
https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6536ffc61a22f00ee539de31_Roboto-Italic.ttf
Requested by
Host: cdn.prod.website-files.com
URL: https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99e4a85061136e99e052929ed0d85e36384fba5c34b773139a8f64339c609943

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.menlosecurity.com
Referer
https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/css/menlo-dev.9af56778f.min.css

Response headers

access-control-max-age
3000
cf-cache-status
HIT
etag
"cebd892d1acfcc455f5e52d4104f2719"
x-amz-version-id
K.6cn7P.TKQlJpc2rwPUk4An9TToDFe_
age
565
access-control-allow-methods
GET, HEAD
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
application/x-font-ttf
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified
Thu, 01 Feb 2024 14:50:44 GMT
x-amz-id-2
5yF44um+I39+IPTsybEMyr3eZ9XA+UDuoxrzx9EJNZRY2F3b60DzSY1TILiEHdT14U71uPo10Qg=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
FJ5TR05K3A7NP2KJ
cf-ray
8db8b056acaf5dd9-HKG
accept-ranges
bytes
access-control-allow-origin
*
content-length
170504
server
cloudflare
x-amz-server-side-encryption
AES256
6569c2d88d994c80155279c5_Menlo_circle-arrow%E2%80%94Transparent.svg
cdn.prod.website-files.com/6536e5317bf92f62050c3585/
428 B
891 B
Image
General
Full URL
https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6569c2d88d994c80155279c5_Menlo_circle-arrow%E2%80%94Transparent.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
889d25db4b8baec5af49f52ba44f9aabf5d3ed27620850a9fd1645746dd76668

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"684db38c541a2e1cbfaf34c61d643ed8"
x-amz-version-id
OTQZHJDi9C8m5Sp0xUE2N0Mz_8m_sV6H
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
image/svg+xml
last-modified
Fri, 01 Dec 2023 11:28:41 GMT
vary
Accept-Encoding
x-amz-id-2
O6LhSULTvJVkzjf5yj0LQUzbmhnWwKHlWIxpw5gONJSQT7bMlxTg61EHYBq+fPtcSueTtxk5mXY=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
FJ5Q3HQQ8ZH2GXEF
cf-ray
8db8b0569e831066-HKG
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
6564ef8254ba69f9582df989_menlo-logo-new.png
cdn.prod.website-files.com/6536e5317bf92f62050c3585/
7 KB
8 KB
Image
General
Full URL
https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6564ef8254ba69f9582df989_menlo-logo-new.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca681b2b9b415d35f4ceef886b26398a76b29856294f94751f910f44dc8e14e7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cf-cache-status
HIT
etag
"0c2965a583039629321663d795f35155"
x-amz-version-id
6oM0EjA5C1tlifHw4zqf2v1C6h_csXyZ
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
image/png
last-modified
Mon, 27 Nov 2023 19:35:31 GMT
vary
Accept-Encoding
x-amz-id-2
XeNvaZVGAsfD6mooGHJdmhNx3B9dUctG0Gzm7exIeCY/NHYrF4SdzcwHIzjKXXawPJ6JfwT7deU=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
FJ5QR7W1FFVXS6JK
cf-ray
8db8b0569e841066-HKG
accept-ranges
bytes
access-control-allow-origin
*
content-length
7413
server
cloudflare
x-amz-server-side-encryption
AES256
66ad619b81509e4a6841a53d_Open_Redirect_Phishing_Blog-p-1600.png
cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/
100 KB
101 KB
Image
General
Full URL
https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/66ad619b81509e4a6841a53d_Open_Redirect_Phishing_Blog-p-1600.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b08fb35a5f56a160b5455b172cac37afa8a18da00e4e2884b3c19790d637ae2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cf-cache-status
EXPIRED
etag
"e5b32875cbe84bb5ba71d603a56f904f"
x-amz-version-id
l0CJHTW6lYQRpfddeyedv38DuMcuxlhh
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:56 GMT
content-type
image/png
last-modified
Fri, 02 Aug 2024 22:45:51 GMT
vary
Accept-Encoding
x-amz-id-2
EqmKZh+zjPINgP2Ii3KGUSJZTa84GPUe7zxVq1SwQ3CCZrX1C0JVH/qPCDSth+xgVf+Wk6EVrtjVSrasXVBcG8GjlXOgnOv+FN86DnzxkZw=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
V0GMYN40Y3MEJRPB
cf-ray
8db8b0569e861066-HKG
accept-ranges
bytes
access-control-allow-origin
*
content-length
102540
server
cloudflare
x-amz-server-side-encryption
AES256
66ac273c0c88bc05a9a79af9_66ac23f4d71c1540865a4e0b_Fake%2520_Amazon-Securty_Alert_email%25402x.png
cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/
155 KB
156 KB
Image
General
Full URL
https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/66ac273c0c88bc05a9a79af9_66ac23f4d71c1540865a4e0b_Fake%2520_Amazon-Securty_Alert_email%25402x.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f402adb6d872721d16ac6d180640bc134f0d3001f57c5a1b2fbf3ea5f18aaea

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cf-cache-status
EXPIRED
etag
"aec569d1bd70234864be0a4d54cd3b83"
x-amz-version-id
zWaXp0_xxTfPAdkC6cZWEDNV1VeL.9Bo
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
image/png
last-modified
Tue, 20 Aug 2024 08:54:34 GMT
vary
Accept-Encoding
x-amz-id-2
ln+4fiFaW8DOujx5LLvcojqEVz+uwLqfXFen1/RM6FRGZb3xOs6zZz4UTWfXGTtjR5U/ObemPpB6DCMkJxIDF8jAijckA3U2wXU9oZPD/Og=
cache-control
max-age=84600, must-revalidate
x-amz-request-id
V0GWWT1HGWH8RK99
cf-ray
8db8b0569e881066-HKG
accept-ranges
bytes
access-control-allow-origin
*
content-length
158830
server
cloudflare
x-amz-server-side-encryption
AES256
66ad5f8e4db6581a0b0d50fc_66ad5e4e0cb9e4274bfab983_GoogleDraw_Redirect_Phishing_Chain.png
cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/
430 KB
430 KB
Image
General
Full URL
https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/66ad5f8e4db6581a0b0d50fc_66ad5e4e0cb9e4274bfab983_GoogleDraw_Redirect_Phishing_Chain.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d174b4fd89816f5bbc83cc796feecab85ae373950f2eedaa4899e4929eeb3f6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cf-cache-status
EXPIRED
etag
"13ca98c25a2cfb79f5cf5e3bdacfe42e"
x-amz-version-id
b03df1utsr_6irj0N9HQT0KbD2te3dY7
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:56 GMT
content-type
image/png
last-modified
Tue, 20 Aug 2024 08:54:34 GMT
vary
Accept-Encoding
x-amz-id-2
zZmfXxuOG3y7U3oxLZr799bkedkrJSbBFpkEIfa8/KmZYd9PdoM1g8Vrah92QIZIzJ/zPt8KN+by9fFJdk6wZX5e+fSxeBJ0zS67sShzYi4=
cache-control
max-age=84600, must-revalidate
x-amz-request-id
V0GHB9AG8KWVH76H
cf-ray
8db8b0569e891066-HKG
accept-ranges
bytes
access-control-allow-origin
*
content-length
439945
server
cloudflare
x-amz-server-side-encryption
AES256
66ac2a1ef01e957976cd8815_66ac24aa6f8998d5b8c3c752_Zero-hour%2520Open%253ARedirect%2520_Pic%25202.png
cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/
51 KB
51 KB
Image
General
Full URL
https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/66ac2a1ef01e957976cd8815_66ac24aa6f8998d5b8c3c752_Zero-hour%2520Open%253ARedirect%2520_Pic%25202.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
528e3cc972ef7f6c2812f86e137869f6ced78785f98900aed1278f1b5a726bd9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cf-cache-status
EXPIRED
etag
"14fe21f7ab5876dbb32768b926238877"
x-amz-version-id
6MmX1ML10AgzlFMMC4WS5dZCMrt1RPFw
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:56 GMT
content-type
image/png
last-modified
Tue, 20 Aug 2024 08:54:34 GMT
vary
Accept-Encoding
x-amz-id-2
9b8F2+5FiZTMX7RX6cihXWnJuFlC2QmbW6YFZKuMFoUDn1Jsuuk2R/tWVDVpESqtD7HqUHptfPN+6oE/WjUC8ZsGU1p5R4sGCIZBHz/Yfak=
cache-control
max-age=84600, must-revalidate
x-amz-request-id
V0GKJT6SQZHSBW31
cf-ray
8db8b0569e8a1066-HKG
accept-ranges
bytes
access-control-allow-origin
*
content-length
52065
server
cloudflare
x-amz-server-side-encryption
AES256
66ac2a1ef01e957976cd881d_66ac2523a33e505e7c1a31dc_Zero-hour%2520Open%253ARedirect%2520_Pic%25203.png
cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/
248 KB
249 KB
Image
General
Full URL
https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/66ac2a1ef01e957976cd881d_66ac2523a33e505e7c1a31dc_Zero-hour%2520Open%253ARedirect%2520_Pic%25203.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b2f97a83181796ad19a73f1b95d34632ab8db56d9f33f09cfff0ad799ef6bde

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cf-cache-status
MISS
etag
"a2e42b92c94cf0d3c2de5ee2455064b6"
x-amz-version-id
THgcn.SkUsMapnxntar1ZElVA55.ueXo
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:56 GMT
content-type
image/png
last-modified
Tue, 20 Aug 2024 08:54:34 GMT
vary
Accept-Encoding
x-amz-id-2
0MhUR32I26LSA+la8VGzT0QDEX2NL0egdGX9ZwAwcg3LZ2Zo7yICUaJQCY9ec2YViTLsEffNNPhLz9YEbX0pyNmSofybz/VkBVHgbNZ29/o=
cache-control
max-age=84600, must-revalidate
x-amz-request-id
V0GRM7YNNXQYZ5X4
cf-ray
8db8b056ae8c1066-HKG
accept-ranges
bytes
access-control-allow-origin
*
content-length
254003
server
cloudflare
x-amz-server-side-encryption
AES256
6564ef5d3a4cb7b5ea3a9057_LinkedIn_white_line_icon.svg
cdn.prod.website-files.com/6536e5317bf92f62050c3585/
2 KB
2 KB
Image
General
Full URL
https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6564ef5d3a4cb7b5ea3a9057_LinkedIn_white_line_icon.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1214dfeb93c377d705ff4e3fa4026b177b09bd78db8c58fec8bed76042b22cb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"3649d7f32b11c2eeaf07d7c3e255b3e4"
x-amz-version-id
AcNyFpFI8aAA28ygKmwAtygggpeL.GKB
age
560
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
image/svg+xml
last-modified
Mon, 27 Nov 2023 19:34:54 GMT
vary
Accept-Encoding
x-amz-id-2
53r6f6DTQtmA2YPT+hRabRGIXO5w36TtY1EvBRYtcZmGer++K1wG01WJA8tA0o0P8Mi++y9AzoE=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
FJ5PYZ5AXFARTNM4
cf-ray
8db8b056ae8e1066-HKG
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
6564ef5d3a4cb7b5ea3a9056_Twitter_X_white_line_icon.svg
cdn.prod.website-files.com/6536e5317bf92f62050c3585/
2 KB
2 KB
Image
General
Full URL
https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6564ef5d3a4cb7b5ea3a9056_Twitter_X_white_line_icon.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb1bf908b6409ef06648805751d0ab2b5266bb25cd8649f42ebdb555dba577d1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"ec3df19575f6b8918daab65f4a4395fe"
x-amz-version-id
LRWTCcxe1O67SFrUHw2p7xzNiJE9t1LM
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
image/svg+xml
last-modified
Mon, 27 Nov 2023 19:34:54 GMT
vary
Accept-Encoding
x-amz-id-2
NBEuglDE/oGH5vXosksEKPxvlYjk/+G2tEZd73oIiHg7C1IGLqiGyExvi61iXiJ3d5xA/j1EuHA=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
FJ5JS776S84K3XWM
cf-ray
8db8b056ae8f1066-HKG
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
6564ef5d3a4cb7b5ea3a9055_FaceBook_white_line_icon.svg
cdn.prod.website-files.com/6536e5317bf92f62050c3585/
2 KB
2 KB
Image
General
Full URL
https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6564ef5d3a4cb7b5ea3a9055_FaceBook_white_line_icon.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
573a481f2f09d26d3f240670b5e8fe7c9660e34b8b436bf6b40edf291e9e410d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"c306b7effae56674b98577f22bb9f84f"
x-amz-version-id
o7JKEdLK6GcbVtAiHBiLffzSk0uBmM7J
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
image/svg+xml
last-modified
Mon, 27 Nov 2023 19:34:54 GMT
vary
Accept-Encoding
x-amz-id-2
rQnMsdGY/oqxsGoPRtf8zaX7tXvKOkQh/oNiQhGqF8ClFe5AaXS8ojkaVuD2XyrXmtLTIwZpV4I=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
FJ5PYQBKEN5WSH25
cf-ray
8db8b056ae911066-HKG
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
659c987cfb5d1e96866d5723_email_white_line_icon.svg
cdn.prod.website-files.com/6536e5317bf92f62050c3585/
2 KB
2 KB
Image
General
Full URL
https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/659c987cfb5d1e96866d5723_email_white_line_icon.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ded09789782fad99733cac6a94fc617f55aae1605849fa40c2b21db8a5eec34

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"6bb63141af64165f33d46a4826528814"
x-amz-version-id
fG1pMh0vPM9GwN628Hq8vJ4YzhiRfPiK
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
image/svg+xml
last-modified
Tue, 09 Jan 2024 00:51:10 GMT
vary
Accept-Encoding
x-amz-id-2
dEHBQFj4PaNbG8hbDQHrrrGUn0xvDq6IWilpuXTk/cuBnwTAJKb4kl1Grqqu0rIOOz4tvozsK9M=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
FJ5Z3Z3J3JHQM5BS
cf-ray
8db8b056ae921066-HKG
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
671a70166a92c2b4beb7894a_Brief_Browsing-Forensics-with-HEAT-Shield.png
cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/
113 KB
114 KB
Image
General
Full URL
https://cdn.prod.website-files.com/65565a6ae1bebedfef4026ca/671a70166a92c2b4beb7894a_Brief_Browsing-Forensics-with-HEAT-Shield.png
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93d422c94e254e573a0d094a63c2a57c089c769bd92472e1d60c55c6e27d57aa

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cf-cache-status
HIT
etag
"501a9bcf640cbba7bdddb6354e748772"
x-amz-version-id
sEFeuciQNSaZfyYH7Gnml701.fY5vh9l
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
image/png
last-modified
Thu, 24 Oct 2024 16:04:40 GMT
vary
Accept-Encoding
x-amz-id-2
xCncgQtUg3UgiKaFamSiDqbd6K6p3BbIkW05mU6lbSEDx6oxC4BR9qPw3M0fW9vdMumtZuRWNNI=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
FJ5ZF1RPY3QEZ45Z
cf-ray
8db8b056ae931066-HKG
accept-ranges
bytes
access-control-allow-origin
*
content-length
115614
server
cloudflare
x-amz-server-side-encryption
AES256
6569c1ab2800036a4d82da3e_Menlo_circle-arrow%E2%80%94Orange.svg
cdn.prod.website-files.com/6536e5317bf92f62050c3585/
431 B
882 B
Image
General
Full URL
https://cdn.prod.website-files.com/6536e5317bf92f62050c3585/6569c1ab2800036a4d82da3e_Menlo_circle-arrow%E2%80%94Orange.svg
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.160.117 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b7b6e95be24a1a3898f651bec06bb95389d379b49b1f1b0f9a1f4f9fdfb12bc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"542e4012b8e5a35ffab762743a6519df"
x-amz-version-id
KAN4xukQJ9M_c85FEWZgwpefEOgAmQid
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
image/svg+xml
last-modified
Fri, 01 Dec 2023 11:21:17 GMT
vary
Accept-Encoding
x-amz-id-2
+Y1P6FIyqfn84ICaAdwaw4ES82v9y+cfnYe8gJHFnABH5edaVwUu184JCwIMIIGqFfvv4U2Y/I8=
cache-control
max-age=31536000, must-revalidate
x-amz-request-id
FJ5RCPJS361VW5MV
cf-ray
8db8b056ae941066-HKG
access-control-allow-origin
*
server
cloudflare
x-amz-server-side-encryption
AES256
worker-ec801144d32aa276144ce1be2e3a68a1br.js
dev.visualwebsiteoptimizer.com/cdn/edrv/
264 KB
64 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/cdn/edrv/worker-ec801144d32aa276144ce1be2e3a68a1br.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
5fcfed8a8e5a83133a754733331d975d9dd6ce8c914b5254c38c0649b446648b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

x-goog-metageneration
1
content-encoding
br
x-goog-hash
crc32c=+fCq4g==, md5=fG8h7gv1T6R0f4+R1/447Q==
etag
"7c6f21ee0bf54fa4747f8f91d7fe38ed"
age
242031
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
65179
date
Tue, 29 Oct 2024 07:56:04 GMT
last-modified
Tue, 29 Oct 2024 06:48:30 GMT
content-type
text/javascript; charset=UTF-8
x-guploader-uploadid
AHmUCY3ewyfkrBi1fqAEM5-KjQ5HRVaYO8vzIcVIA8eNGJOAxmRzrC1teQwBIwzY45Jj_TLRONBIgyAf8g
cdn_cache_status
hit
cache-control
public, max-age=31536000
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1730184510723850
content-length
65179
content-language
en
server
UploadServer
va_gq-b1afa1aae2b2cf254ad788339141d3b5br.js
dev.visualwebsiteoptimizer.com/cdn/edrv/
275 KB
71 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/cdn/edrv/va_gq-b1afa1aae2b2cf254ad788339141d3b5br.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4306729a57aea0a73818aca0a3e72917358f17a8dd6e5684d444712f856b0af5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

x-goog-metageneration
1
content-encoding
br
x-goog-hash
crc32c=3sRjaQ==, md5=3IJr2MJgBbL95lk1vrT+3w==
etag
"dc826bd8c26005b2fde65935beb4fedf"
age
56258
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
73017
date
Thu, 31 Oct 2024 11:32:17 GMT
last-modified
Tue, 29 Oct 2024 11:43:28 GMT
content-type
text/javascript; charset=UTF-8
x-guploader-uploadid
AHmUCY3ahjvhtHsBNS-HxmTHVsjDLylYYHUkN6afBvefFz3CWIMMwvbCP27oXTsWtyHhJAm_i54vJ3PJuw
cdn_cache_status
hit
cache-control
public, max-age=31536000
x-goog-storage-class
STANDARD
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1730202208352385
content-length
73017
content-language
en
server
UploadServer
v.gif
dev.visualwebsiteoptimizer.com/
35 B
146 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=910208&d=menlosecurity.com&u=D7095C0AF2BBE2FA6529BCCF636B8F01A&h=3ea28b42b1437b15be5322d78da18daa&t=false
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv02c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cache-control
public, max-age=43200
x-content-type-options
nosniff
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
image/gif
server
gnv02c
collect
www.google.com/ccm/
0
0
Ping
General
Full URL
https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&scrsrc=www.googletagmanager.com&frm=0&rnd=458554353.1730430596&auid=530064321.1730430596&npa=0&gtm=45He4au0v830118234za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&tft=1730430595667&tfd=700&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f99.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

js
www.googletagmanager.com/gtag/
431 KB
135 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-C2G0PCSJKE&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c01::61 Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ce1396c7561b874d91159e5e0fafa5b32f2ff0e30463d778f0dfa919ccb7da1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 01 Nov 2024 03:09:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
137667
x-xss-protection
0
server
Google Tag Manager
9d098b8d-9cde-40ee-beab-3b850059beba.js
j.6sc.co/j/
4 KB
2 KB
Script
General
Full URL
https://j.6sc.co/j/9d098b8d-9cde-40ee-beab-3b850059beba.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.4.160 Singapore, Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-4-160.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
2a4274b3cc3e0f1c657d92cd91051243635cf08951925f7dabcf24ce7005b0d0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-encoding
gzip
etag
"a78e9f870ad4c64f810b2020cca5d9ee"
x-amz-version-id
2xVIr_VLK.K69VKXDZbBKfWOdjNXST5u
expires
Fri, 01 Nov 2024 03:39:56 GMT
x-amz-cf-id
f1GYA2gsxocAFwXPFKPRMF9Hv6Cj7DD8m5qFdrHrdYk6nmdUWfp6oA==
date
Fri, 01 Nov 2024 03:09:56 GMT
last-modified
Thu, 04 Jan 2024 00:00:45 GMT
vary
Accept-Encoding
content-type
application/javascript
x-amz-meta-content-type
application/json
cache-control
private, max-age=1800
accept-ranges
bytes
content-length
1456
x-amz-cf-pop
SIN2-P2
server
AmazonS3
x-amz-server-side-encryption
AES256
uwt.js
static.ads-twitter.com/
57 KB
16 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.20.157 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

vary
Accept-Encoding,Host
cache-control
no-cache
content-encoding
gzip
etag
"4328e910de583ad53b3a7a76455af005+gzip+gzip"
accept-ranges
bytes
x-cache
HIT, HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length
15926
date
Fri, 01 Nov 2024 03:09:56 GMT
x-tw-cdn
FT
last-modified
Tue, 29 Oct 2024 20:04:45 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-iad-kcgs7200099-IAD, cache-bfi-krnt7300023-BFI
x-amz-server-side-encryption
AES256
hotjar-1854968.js
static.hotjar.com/c/
13 KB
5 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-1854968.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.156.133.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-156-133-37.sin2.r.cloudfront.net
Software
/
Resource Hash
7e427014365514b080f1644ab8f7e6bc3700c2f9bdc5ecf4b9d7f77efdd1a33e
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=60
content-encoding
br
etag
W/6dcd39445ecdd4116d35a44e8bc9b221
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
x-cache-hit
1
via
1.1 27f668bcd09435386d2434e95a56f7d6.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
x-amz-cf-id
hu73_rsIvKpPFz1qrVU77NXEPTEiS8urVk9D3dXH3S1Gw8pWd-SyDA==
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-amz-cf-pop
SIN2-P4
destination
www.googletagmanager.com/gtag/
282 KB
97 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-684820168&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c01::61 Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1ccb55e180b6008bb80e0d12668fd55ab1da436595b815ace9c20b41e8eb0bcf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Fri, 01 Nov 2024 03:09:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
99481
x-xss-protection
0
server
Google Tag Manager
insight.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2403:e800:e80b::2a63:8c8b , Hong Kong, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS
Software
/
Resource Hash
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cache-control
max-age=10260
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
14628
date
Fri, 01 Nov 2024 03:09:55 GMT
last-modified
Thu, 22 Aug 2024 11:06:54 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
destination
www.googletagmanager.com/gtag/
243 KB
87 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-10976805707&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c01::61 Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6d041e5db3e386dbb35073702927111e65871075c34b65aa796e910b39463c6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Fri, 01 Nov 2024 03:09:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
89185
x-xss-protection
0
server
Google Tag Manager
fbevents.js
connect.facebook.net/en_US/
239 KB
61 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
57.144.144.128 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-sin11.fbcdn.net
Software
/
Resource Hash
b1b27d92de22d509ebd21de47d14975728928e881bd6c9d1695cc5d38f2942bd
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-lLMoJc5Q' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-lLMoJc5Q' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=23, rtx=0, c=23, mss=1232, tbw=4452, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
LovmmKPgMS5/ENJPDmVDEtYpr7hd1FBGwIN9Kl54DSbz6SC+vyrVAY4eB20od1LqiCgXEoy1bM4UE9ONZ9i88Q==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
62068
x-xss-protection
0
origin-agent-cluster
?1
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.15.110.65 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-15-110-65.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
57d030752d740552eb7759a0dd8e487e96ca86b03c0aa53a7e2b1c213ae74f5f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

Content-Encoding
gzip
ETag
"49bb20382072bfb6b798a6f4c6ab8354:1730261707.305765"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
746
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Date
Fri, 01 Nov 2024 03:09:55 GMT
Content-Type
application/x-javascript
Last-Modified
Wed, 30 Oct 2024 04:15:07 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
widget.js
app.hushly.com/runtime/
1 KB
2 KB
Script
General
Full URL
https://app.hushly.com/runtime/widget.js?aid=83162
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.83.31.139 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-83-31-139.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
286df06f268fa067213350c826e4c21c62bc0ed7635d099875b11679adbd95b3
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
expires
Thu, 01 Jan 1970 00:00:00 GMT
date
Fri, 01 Nov 2024 03:09:56 GMT
content-type
text/javascript;charset=utf-8
trrsm2wf4gwm.js
js.driftt.com/include/1730430600000/
221 KB
62 KB
Script
General
Full URL
https://js.driftt.com/include/1730430600000/trrsm2wf4gwm.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.30.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-30-93.sin2.r.cloudfront.net
Software
istio-envoy /
Resource Hash
e96abb18e70acf14065e3bacb0dbd6942579a85d3d69d9d7551bea9c627ca3a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-encoding
gzip
x-amz-version-id
px8T70IzhuJ6oS1M7izBjK7Y8.9uRoPx
etag
W/"182931eb99afb01276b448d2f7bd627d"
access-control-allow-methods
GET, POST, OPTIONS
x-cache
Miss from cloudfront
x-amz-cf-id
PiFEyVYOPDJcpnQfN25eNhSC_6nGxEmmLR8qLV7lwm1F6pqv_dWamg==
date
Fri, 01 Nov 2024 03:09:56 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 18:47:07 GMT
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache
x-envoy-upstream-service-time
59
access-control-allow-credentials
true
via
1.1 475d669d6a669094dfa09def007f90d6.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
SIN2-P1
server
istio-envoy
x-amz-server-side-encryption
AES256
fullcircle.js
d2i34c80a0ftze.cloudfront.net/
32 KB
11 KB
Script
General
Full URL
https://d2i34c80a0ftze.cloudfront.net/fullcircle.js?cid=187d2103-bdc5-4e3f-b070-b5c6a4000840&domain=menlosecurity.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f8:b000:9:14eb:6280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
5f8ece9fc3c316bd78480ef2f48dc82b47f84a1a2a39ddd4a0fec27a720cae41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-amz-apigw-id
AgT-REaivHcEHIQ=
age
70390
x-amzn-trace-id
Root=1-6723338e-14ddc56436198e8368d8f864;Parent=28f25c4e05e6bc0c;Sampled=0;Lineage=1:be50798f:0
x-amzn-requestid
51e03fb5-c5ef-4788-807c-87e481ae92b5
via
1.1 df7c0ba7857d5300ae11e7566c926f16.cloudfront.net (CloudFront), 1.1 f211f91e8d5cedb9f00541e06f435da2.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
8uUlRFV69o2tX2B6P05eI7k9FCPckDx3FAkVpMQc4Gm98skl-wyAGg==
date
Thu, 31 Oct 2024 07:36:46 GMT
content-type
application/json
x-amz-cf-pop
FRA56-C1, TLV50-C1
vary
Accept-Encoding
tracking.js
trk.techtarget.com/
3 KB
2 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1247 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

strict-transport-security
max-age=0; includeSubDomains; preload
cache-control
public, max-age=1200
content-encoding
br
cf-bgj
minify
cf-cache-status
HIT
age
38494
via
1.1 google
cf-ray
8db8b0580f8744ba-SIN
expires
Fri, 01 Nov 2024 03:29:55 GMT
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
text/javascript
last-modified
Tue, 13 Dec 2022 15:01:39 GMT
vary
Accept-Encoding
server
cloudflare
8d3d6c49-3822-4a47-a552-e11867235d28
https://www.menlosecurity.com/ Frame
0
0

sw_iframe.html
www.googletagmanager.com/static/service_worker/4al0/ Frame 07DD
0
0
Document
General
Full URL
https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.menlosecurity.com
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WL64MFJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c01::61 Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
9044
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
1476
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/analytics-container-tag-serving
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy
cross-origin
date
Fri, 01 Nov 2024 00:39:11 GMT
expires
Sat, 01 Nov 2025 00:39:11 GMT
last-modified
Mon, 21 Oct 2024 16:58:00 GMT
report-to
{"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server
sffe
service-worker-allowed
/static/service_worker
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
s.gif
dev.visualwebsiteoptimizer.com/
35 B
53 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/s.gif?account_id=910208&u=D7095C0AF2BBE2FA6529BCCF636B8F01A&s=1730430594&ed=%7B%22sr%22%3A%221600x1200%22%2C%22sc%22%3A24%2C%22de%22%3A%22UTF-8%22%2C%22ul%22%3A%22en-sg%22%2C%22r%22%3A%22%22%2C%22lt%22%3A1730430595788%2C%22tO%22%3A-8%2C%22tz%22%3A%22Asia%2FSingapore%22%7D&cu=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&r=0&p=1&cq=0&vn=undefined&vns=undefined&vno=undefined&eTime=1730430594808&v=3faa98f1a
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv02c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma
no-cache
x-content-type-options
nosniff
via
1.1 google
expires
Mon, 10 Jan 2005 00:00:01 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
image/gif
server
gnv02c
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10976805707/
6 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10976805707/?random=1730430595831&cv=11&fst=1730430595831&bg=ffffff&guid=ON&async=1&gtm=45be4au0v899189876z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10976805707&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f154.1e100.net
Software
cafe /
Resource Hash
55bffe59c98978287a621961a6c501ca960b23c26ee836266fc367917325b003
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2432
date
Fri, 01 Nov 2024 03:09:55 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
10976805707
td.doubleclick.net/td/rul/ Frame 5D04
0
0
Document
General
Full URL
https://td.doubleclick.net/td/rul/10976805707?random=1730430595831&cv=11&fst=1730430595831&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4au0v899189876z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-10976805707&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c01::9b Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.menlosecurity.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 01 Nov 2024 03:09:55 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
munchkin.js
munchkin.marketo.net/163/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/163/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.15.110.65 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-15-110-65.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

Cache-Control
max-age=8640000
Content-Encoding
gzip
ETag
"ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Connection
keep-alive
Expires
Sun, 09 Feb 2025 03:09:55 GMT
Accept-Ranges
bytes
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Length
4741
Date
Fri, 01 Nov 2024 03:09:55 GMT
Content-Type
application/x-javascript
Last-Modified
Fri, 06 Jan 2023 02:26:40 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/684820168/
43 B
62 B
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/684820168/?random=1730430595903&cv=11&fst=1730430595903&bg=ffffff&guid=ON&async=1&gtm=45be4au0v9172607130z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&rdp=1&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-684820168&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f154.1e100.net
Software
cafe /
Resource Hash
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
37
date
Fri, 01 Nov 2024 03:09:55 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
684820168
td.doubleclick.net/td/rul/ Frame 7251
0
0
Document
General
Full URL
https://td.doubleclick.net/td/rul/684820168?random=1730430595903&cv=11&fst=1730430595903&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4au0v9172607130z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&rdp=1&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-684820168&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c01::9b Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.menlosecurity.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 01 Nov 2024 03:09:55 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
1626328370711236
connect.facebook.net/signals/config/
76 KB
15 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1626328370711236?v=2.9.175&r=stable&domain=www.menlosecurity.com&hme=ead923021ccd3483ef3b9b04703d0a78b943fbdc01e8d7cec21c5059f1f4a5e9&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C194%2C193%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
57.144.144.128 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-sin11.fbcdn.net
Software
/
Resource Hash
e15a6c28d823d04b27f738d1397d5a727d2e1a2a2ac288e512f6b203fa5cb04f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-BZehXYtE' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:56 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-BZehXYtE' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=32, rtx=0, c=76, mss=1232, tbw=70274, tp=66, tpl=0, uplat=215, ullat=0
pragma
public
x-fb-debug
A85sn2mYxjYOYwWmOGE/DedJAEI2enQG120pHscvUbAmpDByaJma5g1LIuQ/yNSd1sWbWtji94ZTjYmIThbMcQ==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-C2G0PCSJKE&gtm=45je4au0v868642232z8830118234za200zb830118234&_p=1730430595547&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&cid=1219144783.1730430596&ecid=1636916591&ul=en-sg&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&ec_mode=a&_eu=EA&_s=1&sid=1730430596&sct=1&seg=0&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&dt=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1126
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-C2G0PCSJKE&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c1c::71 Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.menlosecurity.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 01 Nov 2024 03:09:56 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
549 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-C2G0PCSJKE&cid=1219144783.1730430596&gtm=45je4au0v868642232z8830118234za200zb830118234&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-C2G0PCSJKE&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c02::9a Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.menlosecurity.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 01 Nov 2024 03:09:56 GMT
content-type
text/plain
server
Golfe2
rul
td.doubleclick.net/td/ga/ Frame 20CE
0
0
Document
General
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-C2G0PCSJKE&gacid=1219144783.1730430596&gtm=45je4au0v868642232z8830118234za200zb830118234&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629&z=1193359782
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-C2G0PCSJKE&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.194.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f157.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.menlosecurity.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 01 Nov 2024 03:09:56 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ga-audiences
www.google.com.sg/ads/
42 B
408 B
Image
General
Full URL
https://www.google.com.sg/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-C2G0PCSJKE&cid=1219144783.1730430596&gtm=45je4au0v868642232z8830118234za200zb830118234&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629&tag_exp=101533422~101823848~101878899~101878944~101925629&z=1977748921
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c1a::5e Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Fri, 01 Nov 2024 03:09:56 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
attribution_trigger
px.ads.linkedin.com/
2 B
763 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=474058&time=1730430596150&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
*
Referer
https://www.menlosecurity.com/

Response headers

x-li-pop
afd-prod-ltx1-x
content-encoding
gzip
x-fs-uuid
000625d14500aff422c558396df72ddb
x-msedge-ref
Ref A: 11E5FDE330DF4B2FA7EB8E7FA003724C Ref B: SIN30EDGE0721 Ref C: 2024-11-01T03:09:56Z
x-li-fabric
prod-ltx1
x-restli-protocol-version
1.0.0
access-control-allow-methods
GET, OPTIONS
x-li-uuid
AAYl0UUAr/QixVg5bfct2w==
x-li-proto
http/2
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Fri, 01 Nov 2024 03:09:55 GMT
content-type
application/json
access-control-allow-headers
*
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whats...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whats...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D474058%26time%3D1730430596150%26li_adsId%3Ddf8b3ca6-3ddb-4236-b760-bee21d6b4ac5%2...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whats...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-what...
0
489 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&cookiesTest=true&liSync=true&e_ipv6=AQKlrGP3uxtt3AAAAZLls3fqGp13YJ7l-e0vChLslSpKNi8L6Eq-nqnOGtL88eBf5xdVEUY2kp67
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: D887B798D4264ED5BD1B6D5979BB1CFB Ref B: SIN30EDGE0410 Ref C: 2024-11-01T03:09:57Z
x-li-fabric
prod-lva1
x-li-uuid
AAYl0UUQmbSfp/nLW7NHQA==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Fri, 01 Nov 2024 03:09:56 GMT
content-type
application/javascript

Redirect headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=474058&time=1730430596150&li_adsId=df8b3ca6-3ddb-4236-b760-bee21d6b4ac5&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&cookiesTest=true&liSync=true&e_ipv6=AQKlrGP3uxtt3AAAAZLls3fqGp13YJ7l-e0vChLslSpKNi8L6Eq-nqnOGtL88eBf5xdVEUY2kp67
x-msedge-ref
Ref A: 9453627B47214F6ABB077B7A12EE9F5C Ref B: SIN30EDGE0520 Ref C: 2024-11-01T03:09:56Z
x-li-fabric
prod-lva1
x-li-uuid
AAYl0UUMUumIXVJ/z4tDNQ==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Fri, 01 Nov 2024 03:09:56 GMT
gif.gif
ibc-flow.techtarget.com/a/
43 B
442 B
XHR
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=16648054&r=1730430596152&ref=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&version=2.4
Requested by
Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
ibc_rate_tier
16648054
Referer
https://www.menlosecurity.com/

Response headers

x-goog-metageneration
1
x-goog-hash
crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
etag
"fc94fb0c3ed8a8f909dbc7630a0987ff"
access-control-allow-methods
GET, POST, OPTIONS
x-goog-stored-content-encoding
identity
expires
Fri, 01 Nov 2024 04:09:56 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
43
date
Fri, 01 Nov 2024 03:09:56 GMT
content-type
image/gif
last-modified
Thu, 08 Dec 2022 21:19:29 GMT
vary
Origin
x-guploader-uploadid
AHmUCY2TLH8JNWZGcnNMDFGLKuulq__UHSiAktdieGARavknXeNJ_V6VqIhrox-_iiSUjvW8pN0
access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
cache-control
public, max-age=3600
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1670534369365034
content-length
43
server
nginx/1.20.2
gif.gif
ibc-flow.techtarget.com/a/ Frame
0
0
Preflight
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=16648054&r=1730430596152&ref=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&version=2.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
ibc_rate_tier
Access-Control-Request-Method
GET
Origin
https://www.menlosecurity.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Fri, 01 Nov 2024 03:09:56 GMT
expires
Fri, 01 Nov 2024 03:09:56 GMT
server
nginx/1.20.2
vary
Origin
via
1.1 google
x-guploader-uploadid
AHmUCY33p-1QHJ-PyWtxl-Afnk5iKckUxgZOLi1ILNjZl6pbgrATbLvucjLKJFCLpjTkRruXf1g
visitWebPage
281-owv-899.mktoresp.com/webevents/
2 B
318 B
Ping
General
Full URL
https://281-owv-899.mktoresp.com/webevents/visitWebPage?_mchNc=1730430596154&_mchCn=&_mchId=281-OWV-899&_mchTk=_mch-menlosecurity.com-1730430596153-67723&_mchHo=www.menlosecurity.com&_mchPo=&_mchRu=%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

Transfer-Encoding
chunked
X-Request-Id
ce2f2743-d062-4b71-9696-f50549ae2f54
Content-Encoding
gzip
Connection
keep-alive
Access-Control-Allow-Origin
*
Date
Fri, 01 Nov 2024 03:09:57 GMT
Content-Type
text/plain; charset=UTF-8
Server
nginx/1.20.1
/
www.google.com/pagead/1p-user-list/10976805707/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/10976805707/?random=1730430595831&cv=11&fst=1730430000000&bg=ffffff&guid=ON&async=1&gtm=45be4au0v899189876z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7drfAl5ISfYfrsTqGeNIVHG3mE4e8YVQ&random=4248621372&rmt_tld=0&ipr=y
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f99.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Fri, 01 Nov 2024 03:09:56 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
www.google.com.sg/pagead/1p-user-list/10976805707/
42 B
154 B
Image
General
Full URL
https://www.google.com.sg/pagead/1p-user-list/10976805707/?random=1730430595831&cv=11&fst=1730430000000&bg=ffffff&guid=ON&async=1&gtm=45be4au0v899189876z8830118234za201zb830118234&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&hn=www.googleadservices.com&frm=0&tiba=Google%20Drawings%20and%20WhatsApp%20Zero-hour%20Open%20Redirection%20Phish%20exposed%20-%20Blog%20%7C%20Menlo%20Security&npa=0&pscdl=noapi&auid=530064321.1730430596&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7drfAl5ISfYfrsTqGeNIVHG3mE4e8YVQ&random=4248621372&rmt_tld=1&ipr=y
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c1a::5e Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Fri, 01 Nov 2024 03:09:56 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
modules.625495a901d247c3e8d4.js
script.hotjar.com/
221 KB
55 KB
Script
General
Full URL
https://script.hotjar.com/modules.625495a901d247c3e8d4.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1854968.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.254.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-254-81.sin2.r.cloudfront.net
Software
/
Resource Hash
c0d57eff0936a57e0c8d6bc93314585c734e5ade88d6de970e1e305ae5d87224
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

x-robots-tag
none
content-encoding
br
etag
"862c1be6e71cd836a43ce679991261fd"
age
299209
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
xSjV7hs_nguiyRO2GS0RCSx4VdObbLpLJgYW3uYmYYwSDpgFy_4gTg==
date
Mon, 28 Oct 2024 16:03:07 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 28 Oct 2024 16:02:55 GMT
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
cross-origin-resource-policy
cross-origin
via
1.1 28831e33c2b6b14bc20bb534d284147a.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
56056
x-amz-cf-pop
SIN2-P3
/
www.facebook.com/tr/
0
273 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1626328370711236&ev=PageView&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&rl=&if=false&ts=1730430596342&sw=1600&sh=1200&v=2.9.175&r=stable&ec=0&o=4126&fbp=fb.1.1730430596339.979125584821195573&cs_est=true&ler=empty&cdl=API_unavailable&it=1730430596023&coo=false&rqm=GET
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f348:1:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=3, rtx=0, c=10, mss=1297, tbw=2955, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Fri, 01 Nov 2024 03:09:56 GMT
content-type
text/plain
server
proxygen-bolt
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1626328370711236&ev=PageView&dl=https%3A%2F%2Fwww.menlosecurity.com%2Fblog%2Fgoogle-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed&rl=&if=false&ts=1730430596342&sw=1600&sh=1200&v=2.9.175&r=stable&ec=0&o=4126&fbp=fb.1.1730430596339.979125584821195573&cs_est=true&ler=empty&cdl=API_unavailable&it=1730430596023&coo=false&rqm=FGET
Requested by
Host: www.menlosecurity.com
URL: https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f348:1:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src 'report-sample' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7432142819923046825"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Fri, 01 Nov 2024 03:09:56 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
934MHs8Y4PF8RtYB/G/lecHlZIbw7E42/F+q05CbWhx/23uxdOjVuPkrJ6LQtpqgHg3hAtQPgjAfJQD+70vq7w==
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7432142819923046825", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src 'report-sample' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=4, rtx=0, c=14, mss=1297, tbw=3272, tp=-1, tpl=-1, uplat=308, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?0
widget-24484d4203334d7eab77aca1c755ba1e.js
app.hushly.com/assets/
1 MB
293 KB
Script
General
Full URL
https://app.hushly.com/assets/widget-24484d4203334d7eab77aca1c755ba1e.js
Requested by
Host: app.hushly.com
URL: https://app.hushly.com/runtime/widget.js?aid=83162
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.83.31.139 Boardman, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
ec2-35-83-31-139.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
3faeacebd26ec01d6f194b404ea22fc23af6cef08be5d4b345026feba2494717

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.menlosecurity.com/

Response headers

cache-control
public, max-age=31536000
content-encoding
gzip
etag
"widget-24484d4203334d7eab77aca1c755ba1e.js"
content-length
299192
date
Fri, 01 Nov 2024 03:09:56 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Tue, 22 Oct 2024 10:30:52 GMT
vary
Accept-Encoding
adsct
t.co/i/
43 B
628 B
Image