www.graphus.ai Open in urlscan Pro
2606:4700:20::ac43:47f2 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Submission: On January 12 via api (January 12th 2021, 11:00:31 pm UTC) from US

Summary HTTP 93 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 26 IPs in 6 countries across 24 domains to perform 93 HTTP transactions. The main IP is 2606:4700:20::ac43:47f2, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.graphus.ai.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 17th 2020. Valid for: a year.

This is the only time www.graphus.ai was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	2606:4700:20:... 2606:4700:20::ac43:47f2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
44	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
2	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81d::2008	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::681a:625	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:d4cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE)
1	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28c::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	99.84.144.4 99.84.144.4	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6811:47b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:eecc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
5	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
93	26

5 2606:4700:20::ac43:47f2 (United States)

ASN13335 (CLOUDFLARENET, US)

www.graphus.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

mk0graphus6hi9e9iec2.kinstacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:625 (United States)

ASN13335 (CLOUDFLARENET, US)

app.prontomarketing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d4cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28c::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.84.144.4 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-144-4.txl52.r.cloudfront.net

tracker.marinsm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:47b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:eecc (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:11:101::b93f:9005 (Ireland)

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	kinstacdn.com mk0graphus6hi9e9iec2.kinstacdn.com	796 KB
6	google-analytics.com www.google-analytics.com ssl.google-analytics.com	37 KB
5	hubspot.com api.hubspot.com forms.hubspot.com app.hubspot.com track.hubspot.com	2 KB
5	graphus.ai www.graphus.ai	27 KB
3	google.de www.google.de	744 B
3	google.com www.google.com	744 B
3	doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net	2 KB
2	facebook.com www.facebook.com	515 B
2	facebook.net connect.facebook.net	93 KB
2	marinsm.com tracker.marinsm.com	3 KB
2	bing.com bat.bing.com	9 KB
2	gstatic.com fonts.gstatic.com	22 KB
2	prontomarketing.com app.prontomarketing.com	3 KB
2	googletagmanager.com www.googletagmanager.com	83 KB
1	linkedin.com px.ads.linkedin.com	678 B
1	hscollectedforms.net js.hscollectedforms.net	25 KB
1	usemessages.com js.usemessages.com	20 KB
1	hs-banner.com js.hs-banner.com	14 KB
1	hs-analytics.net js.hs-analytics.net	18 KB
1	licdn.com snap.licdn.com	2 KB
1	googleadservices.com www.googleadservices.com	12 KB
1	googleapis.com fonts.googleapis.com	602 B
1	hs-scripts.com js.hs-scripts.com	945 B
1	cloudflare.com cdnjs.cloudflare.com	2 KB
93	24

	Domain	Requested by
44	mk0graphus6hi9e9iec2.kinstacdn.com	www.graphus.ai mk0graphus6hi9e9iec2.kinstacdn.com
5	www.graphus.ai	www.graphus.ai mk0graphus6hi9e9iec2.kinstacdn.com
4	www.google-analytics.com	www.graphus.ai www.google-analytics.com
3	www.google.de	www.graphus.ai
3	www.google.com	www.graphus.ai
2	www.facebook.com	www.graphus.ai connect.facebook.net
2	api.hubspot.com	js.usemessages.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	connect.facebook.net	www.graphus.ai connect.facebook.net
2	tracker.marinsm.com	www.googletagmanager.com www.graphus.ai
2	bat.bing.com	www.googletagmanager.com www.graphus.ai
2	fonts.gstatic.com	fonts.googleapis.com
2	app.prontomarketing.com	www.graphus.ai app.prontomarketing.com
2	ssl.google-analytics.com	www.graphus.ai
2	www.googletagmanager.com	www.graphus.ai
1	track.hubspot.com
1	app.hubspot.com	js.usemessages.com
1	forms.hubspot.com	js.hscollectedforms.net
1	px.ads.linkedin.com	www.graphus.ai
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	snap.licdn.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.googleadservices.com	www.googletagmanager.com
1	fonts.googleapis.com	www.graphus.ai
1	js.hs-scripts.com	www.graphus.ai
1	cdnjs.cloudflare.com	www.graphus.ai
93	29

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com
cloud.graph.us
forms.office.com
angel.co

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-17` - `2021-08-17`	a year	crt.sh
*.kinstacdn.com COMODO RSA Domain Validation Secure Server CA	`2018-11-19` - `2021-02-16`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2020-10-27` - `2021-04-27`	6 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.marinsm.com DigiCert SHA2 Secure Server CA	`2020-02-24` - `2022-05-25`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-12-22` - `2021-03-21`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-01-06` - `2021-07-05`	6 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2020-07-27` - `2021-07-27`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Frame ID: 9E5221E815C15878126B14F9A950B030
Requests: 91 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/7001790/threads/utk/a2ebcb0225c44a7ba88667d798510ccc?uuid=b3c8be8dcd8a41a39c002b89cc9ad82a&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=graphus.ai&inApp53=false&messagesUtk=a2ebcb0225c44a7ba88667d798510ccc&url=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Frame ID: 4AFCBF7A77C33A5D5738F9543A708CA9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

93
Requests

100 %
HTTPS

92 %
IPv6

24
Domains

29
Subdomains

26
IPs

6
Countries

1175 kB
Transfer

2654 kB
Size

27
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/GraphusInc/

Search URL Search Domain Scan URL

URL: https://twitter.com/graphusinc

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/graphus-inc-/

Search URL Search Domain Scan URL

URL: https://cloud.graph.us/selectlogin

Search URL Search Domain Scan URL

URL: https://forms.office.com/
Title: Microsoft Forms

Search URL Search Domain Scan URL

URL: https://angel.co/graphus/jobs
Title: Careers with Graphus

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

93 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/ 64 KB
16 KB 380ms
351ms Document
text/html 2606:4700:20::ac43:47f2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47f2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9ca5fddaf78fad286d8d0c756897ec0ef451c412f43041761372a3d72a2b82d

Security Headers

Name	Value
Content-Security-Policy
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.graphus.ai
:scheme: https
:path: /clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d5b50a9aeab59450745ed0e6dc79d3c2c1610492412; expires=Thu, 11-Feb-21 23:00:12 GMT; path=/; domain=.graphus.ai; HttpOnly; SameSite=Lax; Secure mtsnb_lastvisited=1610471261; expires=Fri, 10-Jan-2031 22:07:41 GMT; Max-Age=315360000; path=/; secure mtsnb_lastvisit_posts=%5B6683%5D; expires=Fri, 10-Jan-2031 22:07:41 GMT; Max-Age=315360000; path=/
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
x-pingback: https://www.graphus.ai/xmlrpc.php
link: <https://www.graphus.ai/wp-json/>; rel="https://api.w.org/" <https://www.graphus.ai/?p=6683>; rel=shortlink
content-security-policy
x-kinsta-cache: HIT
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu897223f4eabea5d86b5d9589d40f8be9
cf-cache-status: DYNAMIC
cf-request-id: 079a6d18f8000005dc7086a000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RKlReNfxQmaywgv8kLHNAceusVyujMet7izglHU4hr1MbRDiHyLLiJ6TzM%2BX0yd%2FlipBxDKrm1Shb%2BLjcHhqpdus%2B%2BxYVyxxRQH07%2FSo12zIzhpNJUUo1ONPiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 610a7e07ede505dc-FRA
content-encoding: br

GET
H2 200 bootstrap.min.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/bootstrap/css/ 95 KB
17 KB 126ms
68ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/bootstrap/css/bootstrap.min.css
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 1cbda21998b65e08a7e936114cabd7f7783d0f590dd6efdd58c7faa8b6e7b9aa

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 512856
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1ab300003128acb62000000001
last-modified: Fri, 21 Aug 2020 06:53:21 GMT
server: keycdn-engine
etag: W/"5f3f6f61-17c3b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HY%2BpVmpjoF7mHQ8OvGRWMAMscKn36Cq3YxWR%2B6qqUtIcNk3EB5hNyF7Bvsb1rIF%2Fkb9XUW%2BgVZPLs6riITNgwlsOhkMg6xlMVx%2FSoxcuIg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0abdf83128-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu68a007593e61fb65f72ba4a6f30253f5
expires: Thu, 13 Jan 2022 04:49:12 GMT

GET
H2 200 all.min.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/ 160 KB
32 KB 120ms
62ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/all.min.css?v=5.11.2-pro
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 8511276a27014cf836b9ebaecd1e2ac49619482c9bcc3d0a080b56e64133348a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911873
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1ab10000d6cd33281000000001
last-modified: Fri, 21 Aug 2020 06:53:21 GMT
server: keycdn-engine
etag: W/"5f3f6f61-280c5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=f%2FYrFtvjmrjF1PFae%2FGzya27ll6vDrDqR6uvH3DLa54BgwNgdQkEaIZt49QmBY4ED6x9FgY0tA2O0WPmPKdMekNTfTBAwwd3O0VxHNar%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0abb4ed6cd-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu0203aac328efde2e80deff7378634ea7
expires: Thu, 13 Jan 2022 04:49:12 GMT

GET
H2 200 v4-shims.min.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/ 26 KB
5 KB 126ms
69ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/v4-shims.min.css?v=5.11.2-pro
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 4c6d5ac4c77a0cd4dcae820b87afd1ee0b18a72bf0dd8f7de168fd307ac47041

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911873
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1ab50000d6f5343e5000000001
last-modified: Fri, 21 Aug 2020 06:53:21 GMT
server: keycdn-engine
etag: W/"5f3f6f61-6751"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pFUy4ryx73RCK62EdNpvcmzya5Md7cFSeFOhmU6bUhmbe1zsxB%2BU39c09arFnBUE2j07C2FA%2Bjvvj9yqIsYlhRo6%2B1gUfkFb4Cz%2BUGpfpA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0abf04d6f5-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu665b8cad751443b58f2967d9ddcec0b6
expires: Thu, 13 Jan 2022 04:49:12 GMT

GET
H2 200 style.min.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/css/dist/block-library/ 52 KB
9 KB 126ms
69ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/css/dist/block-library/style.min.css?ver=5.4.2
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911873
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1ab50000d729642a9000000001
last-modified: Fri, 24 Apr 2020 15:32:14 GMT
server: keycdn-engine
etag: W/"5ea3067e-d159"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qlKK9AWPx0vTaYr0ezK%2FA%2B0Xqv%2FnALA7LgBdJkY7WcxvY6yOKsF2Cc9rJ9VgGYHP8jVPgnEOyxhJBaJ8qpD6nqVAewEC1uSW7pyYeV%2Ffpg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0abe15d729-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu4ac96559e236a1c70025a363c21dbc16
expires: Thu, 13 Jan 2022 04:49:12 GMT

GET
H2 200 style.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/blocks/ 6 KB
2 KB 135ms
79ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/blocks/style.css?ver=3.6.5
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: dcc909dfd149ca19089d4203f5c47525c05a218e19e84dcb706db7059b7f4755

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911873
x-edge-location: defr
cf-polished: origSize=6362
x-cache: MISS
cf-request-id: 079a6d1ad200004a6d319ab000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-18da"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tyZZZ%2FS2gPenmdQGSzowskMyvwEtboQVXOVOKht2zW%2F%2BaO5mwYu2cCvOMSxLMLsP4UdWyZT15fbqUb8sSkE1PQEabPVoC09sE6to9eqgmw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:12 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0ae9db4a6d-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZued97a7eb0a767c11e6f670d5ff41003e
cf-bgj: minify

GET
H2 200 woocommerce-layout.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/ 16 KB
3 KB 130ms
73ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=3.6.5
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: e42a7af0f19adf1cf7d67e8fbecad6713ec9cde539f7dc5d134544366679e521

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911873
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1ab400002b7dfb3fa000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-409e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=f4lcMEPGYjIb1ZbWP32Z9eATlzRN42rqi0LWnf8IQCE8PjB4vVrVVesnjpJ662DVgoU9%2BEELgYkRUuAHe2rEbP8B8mXwrcK2Dn53cgmRXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:12 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0ab8402b7d-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu3f0efb9b5b00243039a018633bfcbf22
cf-bgj: minify

GET
H2 200 woocommerce.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/ 61 KB
9 KB 127ms
70ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=3.6.5
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: f8bd598e9a7cb4a743d02b5106fff15bfb2a83a15ddf612b6e7345ac78ba88ef

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911872
x-edge-location: defr
cf-polished: origSize=62586
x-cache: MISS
cf-request-id: 079a6d1ab500002bd6e18ef000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-f47a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=03w0OYDHZDWC8WIPPss0rFrQbgNltZ5HdQGnCbOMTglYu5aBTO2NNtAOBT%2Fxwynkz20LhvkFgu0y56Yr6zkYls6tx2CEtMKDBKKCCCiicg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:12 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0abec22bd6-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu8efdec07c92323c364b252a1f6bb2d93
cf-bgj: minify

GET
H2 200 flexslider.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/wooslider/assets/css/ 4 KB
2 KB 128ms
71ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/wooslider/assets/css/flexslider.css?ver=2.0.1
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: c9b302155b6a82a3f166cf2e7f045a04d4fec13444ce93186fcbc72917a6e0cc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 33666
x-edge-location: defr
cf-polished: origSize=5466
x-cache: MISS
cf-request-id: 079a6d1ab700002c4ea91bf000000001
last-modified: Wed, 11 Oct 2017 00:50:50 GMT
server: keycdn-engine
etag: W/"59dd6aea-155a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=m%2FWQ5wdwFMH%2BbUDAsUbdpxVUw5MmCYAZ5NrruJ75vEkD9gIEHvjRYjLHaKFghS8HiDJBgw1CKNL7Rzv9wcbUfTKT5BCN0OZv5KYnjrXAyw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:12 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0abd062c4e-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuabaf84ac5fc12c591c5fc16c9e61edbb
cf-bgj: minify

GET
H2 200 style.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/wooslider/assets/css/ 4 KB
2 KB 130ms
73ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/wooslider/assets/css/style.css?ver=2.0.1
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 2dc22200f64ece18c1413668318154e28f312752a9fcf9d989b8bfccf95632d0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911872
x-edge-location: defr
cf-polished: origSize=5175
x-cache: MISS
cf-request-id: 079a6d1ac20000c2feff135000000001
last-modified: Wed, 11 Oct 2017 00:50:50 GMT
server: keycdn-engine
etag: W/"59dd6aea-1437"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dBJ5RptOS5kLaUhZ7jfv5XiolVoLSEMdwsObHNpzp0YZvktivEWcbaTNykCUJb7YU6tONEz8ngzhCrDh7IZwC4GTUkiAU5b3ex%2B%2FSBgEvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:12 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0ad8c5c2fe-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu264a2841564bb492cd7a01e25e99ed1f
cf-bgj: minify

GET
H2 200 frontend.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/download-monitor/assets/css/ 5 KB
2 KB 119ms
63ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/download-monitor/assets/css/frontend.css?ver=5.4.2
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: b8e149178358873942c6a434f9ae62dd952769a87c2abdf7e659c129acd398fd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911872
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1ab200002b22b8b23000000001
last-modified: Fri, 13 Nov 2020 09:54:32 GMT
server: keycdn-engine
etag: W/"5fae57d8-14a0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DPIRjCEed5PRaFQ2zW0h4gbefndde0aXezMTIgi0rK0Jqp8OoJfHzMp5Lon9cgr6bnyBy674TOlyiNURGGzYnb1QspjEvir9G2X9I%2Fzu2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:12 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0abde12b22-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu77d97406f806a56d64c2f89cc501da10
cf-bgj: minify

GET
H2 200 wc-memberships-frontend.min.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce-memberships/assets/css/frontend/ 4 KB
2 KB 125ms
69ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce-memberships/assets/css/frontend/wc-memberships-frontend.min.css?ver=1.13.2
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 865621ac5f128903e5ff1561805a16ce4fd20938f62a4a6807876f78a6f0b92d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911872
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1ab500002fa5aa968000000001
last-modified: Fri, 26 Jul 2019 06:54:55 GMT
server: keycdn-engine
etag: W/"5d3aa3bf-e6b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qLWQc1H0w0CRtjSIFT5RNBtWjCHuO6CNCrj%2B%2BRSP1cf1u2XNg3Ac3EvjrjIdVe4eBVJxDNeyt5Nz6Se3wcD0VeOw7vRSLwrKa6kf2SeQ1g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0abf8d2fa5-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu5636bc6aab1a3c06ce44c787b8e81159
expires: Thu, 13 Jan 2022 04:49:12 GMT

GET
H2 200 jetpack-carousel.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/modules/carousel/ 22 KB
5 KB 127ms
72ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/modules/carousel/jetpack-carousel.css?ver=20120629
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: f430b2a77635a22fa47e90dbcfffb6e2bd754c387bfb4fd4ea1e2b65729678cc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 565394
x-edge-location: defr
cf-polished: origSize=25827
x-cache: MISS
cf-request-id: 079a6d1ab50000c29fcd8e0000000001
last-modified: Mon, 16 Mar 2020 11:21:43 GMT
server: keycdn-engine
etag: W/"5e6f6147-64e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=x1g6fPby%2FOqWzTTQAS63hNFX4FHHi6AhLVWJfCjjYfR8A611Ga7yQgQWu%2BtIYPmj6PGhhs5%2FyhLvW4LsyZ5AVtTk3U7IS4OdX4qJ1WWr%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:12 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0abd8ac29f-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu0fce9c2e8d355417c5d14778cd5065b6
cf-bgj: minify

GET
H2 200 frontend.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/ 7 KB
3 KB 123ms
68ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend.min.js?ver=6.2.3
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: bbe3bd0cb79c46e8c538921ca15b8ed864fb7a269e8378347e34f2af3b23cdf7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 221336
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1ab200002b41c1177000000001
last-modified: Wed, 20 Sep 2017 08:31:16 GMT
server: keycdn-engine
etag: W/"59c22754-1c15"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=GnAyWxNEYHv3Gy2vTpnpSCCAU7Vw9eiExEs0itWOL32RpW3xe2lmYVqUgFJQZSf3JgrECzl90F12drymjX6w4b2lGiSGujC9NuLZT9h71g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0ab9a62b41-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu5fc7a42a45c751c6c0df85753118d7d4
expires: Thu, 13 Jan 2022 04:49:12 GMT

GET
H2 200 jquery.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/jquery/ 95 KB
34 KB 119ms
63ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911872
x-edge-location: defr
cf-polished: origSize=96873
x-cache: MISS
cf-request-id: 079a6d1aaf00002c3ae1247000000001
last-modified: Fri, 17 May 2019 04:25:54 GMT
server: keycdn-engine
etag: W/"5cde37d2-17a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kyq3JQTPc58CkCu427LP15PagQH43Ol0ujsho61IT8%2F74aHzTPaM%2F0WqcuosMiZd%2BUv%2BPOuxUWkcgh%2BBQgQzc8SdT0c8ULogR1TSk8vfxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:12 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0abf542c3a-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu2350546d31bd8ead88d7f522394b27cc
cf-bgj: minify

GET
H2 200 jquery-migrate.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/jquery/ 10 KB
5 KB 107ms
52ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911872
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1aa40000c28b6aafa000000001
last-modified: Fri, 20 May 2016 06:11:28 GMT
server: keycdn-engine
etag: W/"573eaa90-2748"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FOqaArnCkiWAM5pvZ8of%2BTzxinR26MioLTGjyEkPYbgBWkooXeZy1%2F5PXXsmktLHrMKqhBJSLO5C6Dofpn1QbGJWbOyIB7GCEi7jxVfyRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0a98b8c28b-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu2f9df7b9927154871a1ced64b1cf8719
expires: Thu, 13 Jan 2022 04:49:12 GMT

GET
H2 200 spin.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/_inc/build/ 4 KB
3 KB 108ms
52ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/_inc/build/spin.min.js?ver=1.3
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: a5307da44321773c9f46b34d756dcbd6cd427238e5cbad91cd2cf151513ec283

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 565394
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1ab000002c1948021000000001
last-modified: Mon, 16 Mar 2020 11:21:43 GMT
server: keycdn-engine
etag: W/"5e6f6147-119e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ihdob%2BvMzA6%2BG92kUKZPyWNaXJygP%2BxUdEukH6Sw7UtlP5JMlGHILw0VRMkhqCye6a6nFbcYzvW2a%2B4Hh69a8KgvloHbrsBIZg27z6jjrg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0aba8d2c19-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu0ac45e75579069476922c373084fddd6
expires: Thu, 13 Jan 2022 04:49:12 GMT

GET
H2 200 jquery.spin.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/_inc/build/ 2 KB
2 KB 106ms
51ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/_inc/build/jquery.spin.min.js?ver=1.3
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 36ad0edaf88cb19e7cbdae22470c1f124f02fd5673bf6144c0a7a9f0a8fef987

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 565394
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1aab00002c4eba8fa000000001
last-modified: Mon, 16 Mar 2020 11:21:43 GMT
server: keycdn-engine
etag: W/"5e6f6147-70e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3J84HuVA%2Bfc8kwVLdaaOZR58O3b%2FtUeHSHzCMYa2jRTjWkfLN8mz2ZOZkN8G3Fs8M90Xo9%2FKMEKekZFUeGcJTe2efM6OTvSbawE5a4S6ag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0aacdf2c4e-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuf0dcf00ab1aa0e1486092584a9e3ca45
expires: Thu, 13 Jan 2022 04:49:12 GMT

GET
H2 200 main.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/css/ 83 KB
17 KB 128ms
73ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/css/main.css?1600708446
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 80cf7fc74cf2cb9eab4f78fef7ed7cd7d4370c66b6129ffbd8f2c6ca66e5b6e8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911872
x-edge-location: defr
cf-polished: origSize=125826
x-cache: MISS
cf-request-id: 079a6d1ab300001f1d038f5000000001
last-modified: Mon, 21 Sep 2020 17:14:06 GMT
server: keycdn-engine
etag: W/"5f68df5e-1eb82"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pY3oRFPnVd3G9zZkkk0rziO1zCaMmtWXMFhrOhxKyLL3Xx6UkbzdqvOXJG4U%2FK44hnY1j%2BlrUfz4WFhzGGMj1geeopj4j8X4nxm0IXwi0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:12 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0abf831f1d-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu4399f72d715167a4b0fc45d59185589c
cf-bgj: minify

GET
H2 200 style.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix-graphus/ 36 KB
7 KB 112ms
57ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix-graphus/style.css?1576052726
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 1f188c3017f993444dc8c267139cd5dd9466e29b181ace0f310933aa9c704851

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911872
x-edge-location: defr
cf-polished: origSize=46355
x-cache: MISS
cf-request-id: 079a6d1ab000002c3a5a974000000001
last-modified: Wed, 11 Dec 2019 08:25:26 GMT
server: keycdn-engine
etag: W/"5df0a7f6-b513"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=92HEUy%2FQVqj8a9mQkYWNtW%2BQNIt4H139csjx9q4gCnSr%2BzEzuZuZ9ZXsdfsio9LwgRSXrhCB0Zh%2BDPqwQDp5k9dmmpdLjp7Wyw1i6SFXvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:12 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0abf582c3a-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuf105eebbb71001553553189e22a5a0c6
cf-bgj: minify

GET
H2 200 /
www.graphus.ai/ 26 KB
5 KB 594ms
592ms Stylesheet
text/css 2606:4700:20::ac43:47f2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.graphus.ai/?custom-css=79aff11e06
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0cf6df0a8d235ad3220663bab035da5a790b064df4bfed4a36db73c383f354b

Request headers

Referer: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1m%2FeAqusDkdYcFJxW8pdXafEQWMZ0P3ob77CZi1GyOIS9fALcLFzkGANhOojMlyTmNLWpm5hU8%2BGamI5W7zPuur7fbFucvZs9C6l2QJZ9n6IKfVp9Ho5KPCLiw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
x-kinsta-cache: BYPASS
cf-ray: 610a7e0a2b0505dc-FRA
cf-request-id: 079a6d1a5b000005dc84b57000000001
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu6af09fd97d62d9e9132f98940a31c637
expires: Wed, 12 Jan 2022 23:00:12 GMT

GET
H2 200 hamburgers.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/jQuery.mmenu-master/dist/ 22 KB
3 KB 112ms
58ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/jQuery.mmenu-master/dist/hamburgers.css
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: da3b53cad6493e4bc3ebc4119f4ac0aaa836719a62badf32047a78efb5a794b0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 941515
x-edge-location: defr
cf-polished: origSize=27049
x-cache: MISS
cf-request-id: 079a6d1ab100004a677a881000000001
last-modified: Fri, 21 Aug 2020 06:53:26 GMT
server: keycdn-engine
etag: W/"5f3f6f66-69a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IUuHxmsmQxkyoWfPyHdGSYo07yAxw8m5E6jJK2%2B6vizFNy5sio5RPa1BZQt67P7Uo2pE5D8OXgUMK8v6jy0VutpijwYjx9j4KRjoBpyoVw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:12 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0abe0b4a67-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu0e570678401afe3d3801ec01262a7df5
cf-bgj: minify

GET
H2 200 jquery.mmenu.all.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/jQuery.mmenu-master/dist/ 61 KB
8 KB 125ms
71ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/jQuery.mmenu-master/dist/jquery.mmenu.all.css
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 78b7e339a157dcfd478816c0b11e30b622716c383308390e49b9882c011881ab

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 941515
x-edge-location: defr
cf-polished: origSize=62190
x-cache: MISS
cf-request-id: 079a6d1ab400002c562e2ad000000001
last-modified: Fri, 21 Aug 2020 06:53:26 GMT
server: keycdn-engine
etag: W/"5f3f6f66-f2ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fTbPnOmDXQtMqI76zdzPy4uYA2DwBt64oHtwmAi%2FC0MvEC4G3w6V8zb4jCFFgK2S%2B3kYFOItbpDNgVely31vnFU8ecgXW5OjqA3hX96izA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:12 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0abca42c56-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZua91ede4e2c4cc6cbbded8870b3c17b11
cf-bgj: minify

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 24ms
24ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-946879156

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

63d934bcb48d56ec401df6f62c0c5d65143b9498156c568d69a9641faf319feb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38952
x-xss-protection: 0
last-modified: Tue, 12 Jan 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Jan 2021 23:00:12 GMT

GET
H2 200 logo-graphus-r1.min_.svg
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2020/02/ 8 KB
4 KB 36ms
32ms Image
image/svg+xml 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2020/02/logo-graphus-r1.min_.svg
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 36d80c738c6cd18bac18bf802dc6e377bdce7e53bdcf8c480dfb2479a99e298a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 923022
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1cdc000005bbc9adb000000001
last-modified: Wed, 04 Nov 2020 05:17:52 GMT
server: keycdn-engine
etag: W/"5fa23980-207f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BjJ3RgAOdlKSdqwLjcbAJLMmBvosqG9IT3Gn1N9r%2B9B%2FWsAEBbusB%2BFmmWAWpUptbcl00EsW2HgROUs3fA0E%2BdjZP%2BnYdAH5OVm9yQNtVg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0e2fb805bb-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuec6a7194b1b21dc45c7b3b4b422fa415
expires: Thu, 13 Jan 2022 04:49:13 GMT

GET
H2 200 image-2-768x466.png
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/03/ 52 KB
53 KB 38ms
34ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/03/image-2-768x466.png
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: b2b9451a76a7231691850ca82d6d0f0b20bfc29bd268af6acf6a4d34891c6dac

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 135989
x-edge-location: defr
x-cache: MISS
content-length: 53129
cf-request-id: 079a6d1cdf00003140b3bfe000000001
last-modified: Wed, 04 Nov 2020 05:17:49 GMT
server: keycdn-engine
etag: "5fa2397d-cf89"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=D6XlGooyLi8UNTi2M7aY56TPuFxkauCR25xVkCq3T6XLQ9F6E26WiAPcxjNOnAYxt1%2F8gMV7uhUI7I0gF7BvtxyGBq77Hz0BQVwbFNEmNw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31556940
accept-ranges: bytes
cf-ray: 610a7e0e3b4f3140-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuf9c9cf36f4b208f913adafd4c3d7303d
expires: Thu, 13 Jan 2022 04:49:13 GMT

GET
H2 200 image-2.png
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/03/ 146 KB
147 KB 45ms
41ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/03/image-2.png
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 2dc92af1aaaf0954db15cf0efbaaf2666836b12eaa76463a12bc05b9a3933eca

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 135989
x-edge-location: defr
x-cache: MISS
content-length: 149796
cf-request-id: 079a6d1ce000004ab01b128000000001
last-modified: Wed, 04 Nov 2020 05:17:49 GMT
server: keycdn-engine
etag: "5fa2397d-24924"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=W1MRC%2BR%2BMftXPtrUwSlw5Eto9T9A3iNVkuH36gXRvO3bJqTxgEk5Iz2PQFq5a4NtofOF17gItNK9cGnvJJQ0DaS70yQO7IFs%2FfDFM1QuEw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31556940
accept-ranges: bytes
cf-ray: 610a7e0e3e6b4ab0-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu7140a150c80f862085d0880e9d627456
expires: Thu, 13 Jan 2022 04:49:13 GMT

GET
H2 200 image-2-copy-300x276.png
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/03/ 17 KB
18 KB 43ms
40ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/03/image-2-copy-300x276.png
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 124464c13e32b959d11d242e255edc0b27a09e164395fa248811770b44b0109c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 135989
x-edge-location: defr
x-cache: MISS
content-length: 17714
cf-request-id: 079a6d1ce00000dfe3309e5000000001
last-modified: Wed, 04 Nov 2020 05:17:49 GMT
server: keycdn-engine
etag: "5fa2397d-4532"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=891f6M3a5w%2BjUt2O4OPRYAciyXjO8oWiuX7nZnP0UGIyx0aK1eMNZNwRiV%2B49Rfr0d69heM2LjFHkJ32TH7Q1DBd9J4w5wGR3zJGhfWECA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31556940
accept-ranges: bytes
cf-ray: 610a7e0e3d11dfe3-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu04a377252b1bdc110f1fa83a19693465
expires: Thu, 13 Jan 2022 04:49:13 GMT

GET
H2 200 logo-graphus-w-r1.svg
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/12/ 10 KB
5 KB 39ms
36ms Image
image/svg+xml 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/12/logo-graphus-w-r1.svg
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: b4a712748e001f973330b7a2f0087e68251839a5fb9160de94b48ce5102f9425

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 47953
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1cdf00002c527094f000000001
last-modified: Wed, 04 Nov 2020 05:17:51 GMT
server: keycdn-engine
etag: W/"5fa2397f-2970"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sMF2KOcJbto%2Bq3zBtTDgAYpwxOoKuqpSy5U%2BSjpsZxIhNA2rdKSzU2CiEV8%2FrUXbCZkpoY2oKbyY6pICoMdeE19ZaW%2BvxTxefVTT%2FmjKrA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0e39af2c52-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuc7983192e1a5c39321680febde3d9485
expires: Thu, 13 Jan 2022 04:49:13 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 6041
date: Tue, 12 Jan 2021 21:19:32 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Tue, 12 Jan 2021 23:19:32 GMT

GET
H2 200 wp-emoji-release.min.js Show response
www.graphus.ai/wp-includes/js/ 14 KB
5 KB 15ms
12ms Script
application/javascript 2606:4700:20::ac43:47f2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.graphus.ai/wp-includes/js/wp-emoji-release.min.js?ver=5.4.2
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:47f2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96d33f532112177ede6bf262dcf6d0140dbe29f05a4595d17b0be4743205b5ea

Request headers

Referer: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 196586
cf-request-id: 079a6d1cc7000005dc59323000000001
last-modified: Tue, 05 Nov 2019 22:04:02 GMT
server: cloudflare
etag: W/"5dc1f1d2-364d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZtZbx%2FAky3Fozh1ICNi3gfF91yfM0skeJjue1NJBMf1ngAL8KxKAu9ZhNCr3d9fF%2FcY6TMxJU2t88h5zV6OGmDMwacnVquSxSGeT6RVaFZMvHVnUIRIoSL%2BbZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 610a7e0e0ab205dc-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZucea024b3d5e4fded934b5a862d80f0bd
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 woocommerce-smallscreen.css
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/ 7 KB
2 KB 40ms
38ms Stylesheet
text/css 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=3.6.5
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 5302d7ef47b197c6cc07e5db5152dcce3b6886ac18f727875fe78ba8e8129224

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911873
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1cdf00002b71d63d6000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-1a66"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qR3%2Bv4R2B%2F5Ot4xaoqUzunAarlBgEDfktMmcgJN7h7gsp%2Boux2g96YSdYAwIirxC3hCmSoM9UFwyn7QRqE15hl98IWYy7hI8nyzdGEB6Ag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:13 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0e3c0c2b71-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu8556a726cce93a5430b2c8137febef8d
cf-bgj: minify

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 2504
date: Tue, 12 Jan 2021 22:18:29 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Wed, 13 Jan 2021 00:18:29 GMT

GET
H2 200 email-decode.min.js Show response
www.graphus.ai/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 8ms
8ms Script
application/javascript 2606:4700:20::ac43:47f2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.graphus.ai/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47f2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"cf-nel","max_age":604800}
cf-request-id: 079a6d1b44000005dc708a0000000001
last-modified: Tue, 05 Jan 2021 18:15:38 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"5ff4acca-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3hL79vai8bPVsQw%2B9DXu7rLGgtmNcpAtp0409a414El27t0ucFATCqagKFNI4XnTKMVwwmMWdiijqHLcNDxu9ZB%2BZHlXxAWGaHjqA4pvpiFB4td2ScCkC1oIpg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 610a7e0b9ddb05dc-FRA
expires: Thu, 14 Jan 2021 23:00:12 GMT

GET
H2 200 calltracking.js Show response
app.prontomarketing.com/insights/0bf688261823/ 5 KB
2 KB 83ms
34ms Script
text/javascript 2606:4700:20::681a:625
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.prontomarketing.com/insights/0bf688261823/calltracking.js
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:625 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fce0bd114c6868f5f6f9bbbba133543eae9fb06b3e30079a66234ebf5c1c1ca1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1134
cf-polished: origSize=7086
access-control-allow-methods: PUT, DELETE, GET, POST, OPTIONS
cf-request-id: 079a6d1b7f0000bee2d5b42000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Cookie, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xkvRlCwuMSveNOoPnAB8V82gVgkujeNbVEcJPeiu0dJjLUyzXECMvEQw2tzGvFuqql5HjiiTkWeWUOqGXQ5z%2B7O5z789XaDGdjS8nxRPIc7g5N9doqitSwUq4s6UQbiR2%2BXszQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=2678400
access-control-allow-credentials: true
cf-ray: 610a7e0bf91abee2-FRA

GET
H2 200 sharing.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/modules/sharedaddy/ 10 KB
4 KB 45ms
45ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/modules/sharedaddy/sharing.js?ver=4
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: cdc21e1d1c0a67812e193214ac25750e86d3e7d203ceece71cad72c0be2ca40c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911871
x-edge-location: defr
cf-polished: origSize=15504
x-cache: MISS
cf-request-id: 079a6d1baf0000175eea338000000001
last-modified: Mon, 16 Mar 2020 11:21:43 GMT
server: keycdn-engine
etag: W/"5e6f6147-3c90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sXOkUUhsXMtYlc85vjLmXNTy6umyCymtJyGKJNLVoKfIueU%2BL%2B7TrzDxyihBncmMiIvZc8aOtM%2FLDAK0Qz0SPqnSh6qt4Ks4Z2AhyGWQEg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:12 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0c4dbc175e-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuc038667cf8bd44571abb4228d66ffc17
cf-bgj: minify

GET
H2 200 jquery.flexnav.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/pronto-sidebar-navigation/js/ 4 KB
2 KB 23ms
23ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/pronto-sidebar-navigation/js/jquery.flexnav.js?ver=4.0
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: b2724c5c9101f3ff26dae3f9dbcdd60b4ceb05a96c42b4c2e1f44d41646655a2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 221335
x-edge-location: defr
cf-polished: origSize=5751
x-cache: MISS
cf-request-id: 079a6d1bd90000e003a8a60000000001
last-modified: Mon, 21 Aug 2017 07:56:35 GMT
server: keycdn-engine
etag: W/"599a9233-1677"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lxjfsxFELl%2BJaLdZX0IZbW5JCgGvrnqhT1gjIf%2FKYG3bWY0DRB6hRXLANEW9Me0tPesw15n%2BMZGOET7mqO%2FvdDipDC9lleOnLE6C9cnpCw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:12 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0c89a0e003-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu8cbc84735a3640218463077bf5271532
cf-bgj: minify

GET
H2 200 jquery.blockUI.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/ 9 KB
4 KB 26ms
26ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.70
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 120aaf6681ca6d34a40c559779f0a0038582a79fce1b868ff901c94d27c89c72

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911872
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1bf10000dfe7ec281000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-255e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tiV7HCva0sA%2FllBI6qbxGsjU6gSHFj%2BUSDOIqbIgpAF9amfgJeMPKFe1qfwUZyg5Xf7hDVRHQf%2FH%2B7xFiQDzCvrSjnc%2FDuDf95nEOuZdFA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0cbd7fdfe7-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZudef968b1f2660eed469ab536f8b0f277
expires: Thu, 13 Jan 2022 04:49:12 GMT

GET
H2 200 add-to-cart.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/frontend/ 3 KB
2 KB 20ms
19ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=3.6.5
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 57d7a5b4baf5112c85fd5be59369f9a0158e727e679c726158095abaea3b11b8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911871
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1c0a0000060165b58000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-a4d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=r6idlyycyyt3muNTeBgzrRcXT7WJ79%2Bbt0ucwjmc2cZtbPBGwn9lw2h0EARIJXKN1NOz3A%2B44XAcxXI5H6BXdkyB3FiQPd3BoS7PQZvseQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0cdb8a0601-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu0d171165cdae1a6b961a54ca13ad6d55
expires: Thu, 13 Jan 2022 04:49:12 GMT

GET
H2 200 js.cookie.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/js-cookie/ 2 KB
2 KB 42ms
42ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 50de09b0bb8d0ac656aa9b3a1e4ef58a3f2d1abd734cad68b0e12191e9d215ea

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:12 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911870
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1c2f00002b71873f4000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-736"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=z%2BcLWF9GInoC9pEIIKfJbtoBuFRkn6Bse%2Fni5CNFvSfybz%2BSNQmI6zkigxB0z53YaluKv6IsWpRWCYMG8la9MvVtCEb55zaOoo7DBA9dfA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0d1a452b71-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu65eb2246c10fc7bba4c9036bab811149
expires: Thu, 13 Jan 2022 04:49:12 GMT

GET
H2 200 woocommerce.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/frontend/ 1 KB
1 KB 49ms
49ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=3.6.5
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 2d8747d26eba68a46f768d99eebf4b4624a37b2a3bd83d4a6934939e62846972

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911872
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1c6700004a56cc9ba000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-5c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=V7UTIW5CGlH%2FjpqLN%2Btwwwd1YKe0dgIwT0htpUe8onGHo3T076KKVzruUsgw9BUmpKTAzLdn7%2FqA4GOyipEvk2k25gUYlQFALiDSLgUiVA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0d7a884a56-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu1583798a13866da842b5b1beeaf2d079
expires: Thu, 13 Jan 2022 04:49:13 GMT

GET
H2 200 cart-fragments.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/frontend/ 3 KB
2 KB 46ms
46ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=3.6.5
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: bed0bd033705c33f1742d8fab2bfed8e945567319fd00e529838392eca49eac0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 486643
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1c820000325010046000000001
last-modified: Fri, 26 Jul 2019 06:54:56 GMT
server: keycdn-engine
etag: W/"5d3aa3c0-b7c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9TGlrCeQtBzZiZlz68WF0%2B%2F5LySLlfdQmcEg34O35yoOnvtHQo0N79QWj3DWnkf18W3Y3sjWNlFCRUqY%2FbLnpxKKuoP3NmHE4tpsFwUyKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0d98503250-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu15081cb28443f3b6d939a34ea406615a
expires: Thu, 13 Jan 2022 04:49:13 GMT

GET
H2 200 skip-link-focus-fix.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/ 597 B
1 KB 40ms
40ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/skip-link-focus-fix.js?ver=20130115
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 1603064e2edd4b76a3a5a0e970b1b756000cfe0937c320cb6f223a08b43df0b2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911872
x-edge-location: defr
cf-polished: origSize=733
x-cache: MISS
cf-request-id: 079a6d1cb80000d6d54b24e000000001
last-modified: Fri, 21 Aug 2020 06:53:26 GMT
server: keycdn-engine
etag: W/"5f3f6f66-2dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WqC8o5liaYprcIekfx5gDFNwtGxcchrCQVY7A9pZ82QpSOmoPqCbHMkFUfTCQjYLAjw%2FMFCpVSsnqs1k6g3vt5INUh2xh9gBEO%2B7WkYzlw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:13 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0df916d6d5-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu07e0d0db7a5f0de1d3e05c00b59a82d2
cf-bgj: minify

GET
H2 200 lip.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/pronto-lead-insights/js/ 3 KB
2 KB 28ms
27ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/pronto-lead-insights/js/lip.js?ver=20150324
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: f49cf987c70df95fda53db7399991e76854f8c5364a61d1b4532073ac60390da

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911872
x-edge-location: defr
cf-polished: origSize=5514
x-cache: MISS
cf-request-id: 079a6d1cb700000eb74e3af000000001
last-modified: Wed, 02 May 2018 02:30:14 GMT
server: keycdn-engine
etag: W/"5ae922b6-158a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2BqVMToakwJU4hefjssFBmtPloW85PBivgcsAOYwdN%2F53JqDMk3Me0EmtcA6fBQzvkKyI8Yg4s7kAx50gTpWMkA%2F1r8ugnUrWBh1cIuOLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:13 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0df8870eb7-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu92aae3f25e9ff772fb9d121412bcbae7
cf-bgj: minify

GET
H2 200 jetpack-carousel.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/_inc/build/carousel/ 27 KB
9 KB 42ms
37ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/jetpack/_inc/build/carousel/jetpack-carousel.min.js?ver=20190102
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: a9261574e7afe310f6aad5c96c0fddd7a080e71839332d620348e98d0badcc14

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 565395
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1ce200004abd2ab79000000001
last-modified: Mon, 16 Mar 2020 11:21:43 GMT
server: keycdn-engine
etag: W/"5e6f6147-6d82"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Rv6MeIuGyQ9w2hStinTcLQw1xh3H%2B25awVxO2VQGlLp5Y7XugAaYVy8cjEVkHAJhCHqrWsZSIhB8fcsuBIhI4QhRzPdgXQRnp3OeKo0FcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0e3c784abd-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuf6f1dcb0bb860fdfb6fa4173eb8d2fb1
expires: Thu, 13 Jan 2022 04:49:13 GMT

GET
H2 200 wp-embed.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/ 1 KB
2 KB 37ms
33ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/wp-embed.min.js?ver=5.4.2
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911872
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1cdc00004abd27a46000000001
last-modified: Sat, 26 Oct 2019 00:17:07 GMT
server: keycdn-engine
etag: W/"5db39083-59a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IgsH%2BRPYaoaOoFwoxfL8hwmSxLHRMARmu%2FJYJ1cgAsPeNDk8gKxP6XET1c6cmAQ0naYp8PH0CsYAllzknpag%2B41G7S5hDcwgkxpgFq2%2B6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0e2c624abd-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu240e0d98c9e8fae394dc7db4083858f4
expires: Thu, 13 Jan 2022 04:49:13 GMT

GET
H2 200 jquery.mmenu.all.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/jQuery.mmenu-master/dist/ 58 KB
15 KB 42ms
38ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/jQuery.mmenu-master/dist/jquery.mmenu.all.js
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 7a5417e5f6ca399b82350e9af08a68bf070facbad05754a61728b5eef22bb513

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 229867
x-edge-location: defr
cf-polished: origSize=62029
x-cache: MISS
cf-request-id: 079a6d1cdd0000145a67b21000000001
last-modified: Fri, 21 Aug 2020 06:53:26 GMT
server: keycdn-engine
etag: W/"5f3f6f66-f24d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=EiQBNT2m9DoNJpc%2FNMeX7eoANi%2FMVZQ9k1dRqZP5lQPe2739SIyfRlCucvTAO%2BIq8W4zXBdGI6EGkXt9pT%2BfhEZWu8HaN3bGiKySgXGwUA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:13 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0e2c6b145a-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu2bb61c0b4b4bbb15f60fba3dd6934289
cf-bgj: minify

GET
H2 200 imagehover.min.css
cdnjs.cloudflare.com/ajax/libs/imagehover.css/2.0.0/css/ 14 KB
2 KB 19ms
15ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/imagehover.css/2.0.0/css/imagehover.min.css

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc1f1d4f5acdfb2810a3f9f9a59e5e4c61949be5d662010cafa0569d256a4ba5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 518640
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
content-length: 1891
cf-request-id: 079a6d1cc80000062d73adc000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:11 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e9f-36e2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3Lx9bzZteVspcPZKdDDOQ5nYw%2FINcWvtw3oKdTmnHg5xQ3D9P01%2B3s2vky%2B4t%2FjgiWrFq7uNesbsq0TZRk23ggtTTEzqaEBxNmliHKcvfcsXyCk8HNDqxDu3ikuymbkDSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 610a7e0e0b39062d-FRA
expires: Sun, 02 Jan 2022 23:00:13 GMT

GET
H2 200 7001790.js Show response
js.hs-scripts.com/ 2 KB
945 B 160ms
139ms Script
application/javascript 2606:4700::6811:d4cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/7001790.js
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:d4cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e290fbd155b3f770ccd65e55e4fb0fc73ec3c7a4e393829ccd8ad0062a9ca280

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: br
cf-cache-status: EXPIRED
server: cloudflare
x-trace: 2B7EA5ED9C644E93A0585F7AA57FB83CD7458EAFC0000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-max-age: 3600
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 610a7e0e2fa71782-FRA
cf-request-id: 079a6d1cda0000178213273000000001
expires: Tue, 12 Jan 2021 23:01:13 GMT

GET
H2 200 bootstrap.min.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/bootstrap/js/ 27 KB
8 KB 38ms
35ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/bootstrap/js/bootstrap.min.js
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 54d21b0676784d0c983bbd4093898770adefa932d89b72c8afd88183a19172a7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 950885
x-edge-location: defr
x-cache: MISS
cf-request-id: 079a6d1cdc00002c0d171d0000000001
last-modified: Fri, 21 Aug 2020 06:53:21 GMT
server: keycdn-engine
etag: W/"5f3f6f61-6c4e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jZSOCm0UgRhxsEBATCW87dvYWZbjtrZuI%2BdGrTXqVYvWOZf%2F0oIc%2BamO3CSqxRnhQrMaTmNbNpEW7ZVhd8mRSTxS9Y6e86YGHQtBT5okUw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31556940
cf-ray: 610a7e0e2d622c0d-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu55edd2d7fbb6dccb567c3a7a58313eca
expires: Thu, 13 Jan 2022 04:49:13 GMT

GET
H2 200 main.js Show response
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/ 4 KB
2 KB 43ms
39ms Script
application/javascript 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/js/main.js?1597992806
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 636018f811bfbce8cab219d03ac80cfa82ef88786f61c66057c4288923a8957f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 911872
x-edge-location: defr
cf-polished: origSize=5046
x-cache: MISS
cf-request-id: 079a6d1cde0000dfb76c9e2000000001
last-modified: Fri, 21 Aug 2020 06:53:26 GMT
server: keycdn-engine
etag: W/"5f3f6f66-13b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Nrw%2BkXsp5xvUZ4wvHUntO6s3gy5Px0JaKApOkQ8rllvnNmPEj1MtcZkNgUdYhQpfqFfKwiJaOHNrVNk%2FNoerPluJG6LL1kXZAZNnsd2T0w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:13 GMT
cache-control: max-age=31556940
cf-ray: 610a7e0e393adfb7-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZud88a5da5e149cbc47f48770c2fd641dc
cf-bgj: minify

GET
H2 200 css
fonts.googleapis.com/ 3 KB
602 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Red+Hat+Text:400,400i,500,500i

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/?custom-css=79aff11e06

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0c3673eabdeb4f3b582d8b63b9743a1e8cac6525a1c1be066c863eb616b559c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 12 Jan 2021 22:42:02 GMT
server: ESF
date: Tue, 12 Jan 2021 23:00:13 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 12 Jan 2021 23:00:13 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 30 KB
12 KB 74ms
72ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-946879156

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e1ec254792b6fe5cb168d2ce9cb1e35d15311d3b357b305a95cbfb12552477d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 12175
x-xss-protection: 0
server: cafe
etag: 17536051821503146167
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 12 Jan 2021 23:00:13 GMT

GET
H3-Q050 200 gtm.js Show response
www.googletagmanager.com/ 125 KB
45 KB 43ms
29ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TJZ7ZDM

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a7b2e1537b7079e60fb9dfcdbd61c6310175a945014fa282c532a113c7cc5451

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45723
x-xss-protection: 0
last-modified: Tue, 12 Jan 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Jan 2021 23:00:13 GMT

GET
H2 200 fa-brands-400.woff2
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/webfonts/ 74 KB
74 KB 49ms
34ms Font
application/font-woff2 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/webfonts/fa-brands-400.woff2
Requested by: Host: mk0graphus6hi9e9iec2.kinstacdn.com
URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/all.min.css?v=5.11.2-pro
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: b55616e4eada60d4e94a044efa03f45c3550056a0e93a55a993b0b85a7e7689b

Request headers

Origin: https://www.graphus.ai
Referer: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/all.min.css?v=5.11.2-pro
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 486643
x-edge-location: defr
x-cache: MISS
content-length: 75308
cf-request-id: 079a6d1cf400004a8cb8127000000001
last-modified: Fri, 21 Aug 2020 06:53:25 GMT
server: keycdn-engine
etag: "5f3f6f65-1262c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Fb%2FPDK8oMsE1I%2Bkt9UsCyTs78g4HyoygS7SbwewElOdxpCTkzUiOnB3RuN9UIUEuzkntHIgFnT68fA7VdA41xAbJLHTW%2BMm7xGIScifB6g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31556940
accept-ranges: bytes
cf-ray: 610a7e0e583e4a8c-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuc7c96cc3d31b0e12c0c22953a7876779
expires: Thu, 13 Jan 2022 04:49:13 GMT

GET
H2 200 fa-solid-900.woff2
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/webfonts/ 127 KB
128 KB 59ms
45ms Font
application/font-woff2 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/webfonts/fa-solid-900.woff2?v=5.11.2-pro
Requested by: Host: mk0graphus6hi9e9iec2.kinstacdn.com
URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/all.min.css?v=5.11.2-pro
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 0c103ae844c36c58f5947f4ffac0ef3edf1d447d0650fe33437071d3e13645ca

Request headers

Origin: https://www.graphus.ai
Referer: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/themes/phoenix/fontawesome-pro/css/all.min.css?v=5.11.2-pro
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 33666
x-edge-location: defr
x-cache: MISS
content-length: 129832
cf-request-id: 079a6d1cf50000323cba289000000001
last-modified: Fri, 21 Aug 2020 06:53:25 GMT
server: keycdn-engine
etag: "5f3f6f65-1fb28"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ScBxgeHmxs59oMvnQPyisbkwBIM6IESIC1%2BUQggXeoruEJps01%2FjSW5tCjs57tUUxVwSGxpSv8x9dM2fUImPDiHbvRVOclWkodD37IGAdw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31556940
accept-ranges: bytes
cf-ray: 610a7e0e5ea8323c-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZu5c677b830ab68de4fda105fa2e21725b
expires: Thu, 13 Jan 2022 04:49:13 GMT

GET
H2 200 RrQXbohi_ic6B3yVSzGBrMxQaKctMc-JPQ.woff2
fonts.gstatic.com/s/redhattext/v3/ 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/redhattext/v3/RrQXbohi_ic6B3yVSzGBrMxQaKctMc-JPQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Red+Hat+Text:400,400i,500,500i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e74fb04398bed2d71dfcaa2b82bd3a80de47030039ed913b979fcb854279f43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.graphus.ai
Referer: https://fonts.googleapis.com/css?family=Red+Hat+Text:400,400i,500,500i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 06 Jan 2021 10:10:31 GMT
x-content-type-options: nosniff
last-modified: Thu, 23 Jul 2020 19:53:52 GMT
server: sffe
age: 564582
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11372
x-xss-protection: 0
expires: Thu, 06 Jan 2022 10:10:31 GMT

GET
H2 200 RrQIbohi_ic6B3yVSzGBrMxYm4Q4HO2EF1qELw.woff2
fonts.gstatic.com/s/redhattext/v3/ 11 KB
11 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/redhattext/v3/RrQIbohi_ic6B3yVSzGBrMxYm4Q4HO2EF1qELw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Red+Hat+Text:400,400i,500,500i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a257396a255bd839a4cbf9880aba23a6180107c2d1ca34c88a6aa22666bc86f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.graphus.ai
Referer: https://fonts.googleapis.com/css?family=Red+Hat+Text:400,400i,500,500i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 06:12:13 GMT
x-content-type-options: nosniff
last-modified: Thu, 23 Jul 2020 19:41:50 GMT
server: sffe
age: 60480
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11372
x-xss-protection: 0
expires: Wed, 12 Jan 2022 06:12:13 GMT

GET
H2 200 / Show response
app.prontomarketing.com/calls/api/ 129 B
529 B 256ms
255ms Script
text/html 2606:4700:20::681a:625
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.prontomarketing.com/calls/api/?site-api-key=0bf688261823&landing_page=https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/&referer=direct&utmz=&uuid=efb4a487d9d65bd4abd39aea31d452d5&keyword=&gclid=&campaign_params=https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Requested by: Host: app.prontomarketing.com
URL: https://app.prontomarketing.com/insights/0bf688261823/calltracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:625 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c054e7179817217fc8dc7d9812897b840a016435ff2d1f9fab86c8e50c20054b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Cookie
access-control-allow-methods: PUT, DELETE, GET, POST, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9yaU0zRRHwZz5e9mJ4l4l1v6rG%2BVZSTSotKPzZOK7Qx0xMHpcgSQl%2FOSn4j%2B0nzspMO14g09yZIeb9o%2B1aLvucOFytp4bGxiC8edDfaHaHD89p0OarglQqNGP3KeBxV4rZdqXg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 610a7e0eaa5bbee2-FRA
cf-request-id: 079a6d1d260000bee2b8a2a000000001

POST
H2 200 / Show response
www.graphus.ai/ 210 B
970 B 416ms
415ms XHR
application/json 2606:4700:20::ac43:47f2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.graphus.ai/?wc-ajax=get_refreshed_fragments

Requested by

Host: mk0graphus6hi9e9iec2.kinstacdn.com
URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:47f2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e799d21e1116a135fcd10c071506f34b99cf79d93b5548199e1376f88b62434

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-pingback: https://www.graphus.ai/xmlrpc.php
x-xss-protection: 1; mode=block
referrer-policy: same-origin
x-robots-tag: noindex
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=01ChVL97iFzMq40tIKv5Ka9uNXCIDh%2BN4%2B7gfG4X1hiiMB1XPKzIP2TV3VDlrEQLzNeTh8YFQ5UPM9KSgtGzfSMlANyAjgpQUdmBwFwYEUNgb3EBsUKhcn8TtA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.graphus.ai
cache-control: no-transform, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-request-id: 079a6d1d77000005dc3ba40000000001
cf-ray: 610a7e0f2ccb05dc-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZuf3c1303bc23ef42580a593d0eba892fe
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 masthead-resources-blog.jpg
mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/12/ 138 KB
139 KB 26ms
26ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/uploads/2019/12/masthead-resources-blog.jpg
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 1cd4b18f8fddf16ca9c669a335248863f3d8c07cedcce7a01d9ca2002a10d2e9

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 486643
x-edge-location: defr
x-cache: MISS
content-length: 141367
cf-request-id: 079a6d1d9600001f2db20d7000000001
last-modified: Wed, 04 Nov 2020 05:17:51 GMT
server: keycdn-engine
etag: "5fa2397f-22837"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PEUGKwCE%2BsFHQ%2B29IZ8CpvwCNFbf1XhspwNtacqmB30vnKH1Y4%2FNiF8pZSsppzy7ZVngW%2FgAVkmXi596pIqKb5fQH0miFXT3bjauJIdeRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 04:49:13 GMT
cache-control: max-age=31556940
accept-ranges: bytes
cf-ray: 610a7e0f5bb01f2d-FRA
x-edge-location-klb: XGjmMkrfDiBhyDa1rJr8vEZue092ab96cd113d9b55d14aa0e7802774
cf-bgj: h2pri

GET
H3-Q050 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 22:57:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 166
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 12 Jan 2021 23:57:27 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/946879156/ 2 KB
1 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/946879156/?random=1610492413377&cv=9&fst=1610492413377&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oabu0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&tiba=Clever%20Phishing%20Attacks%20using%20Microsoft%20Forms%20Detected%20by%20Graphus%20-%20Graphus&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0958ba35b21b26b485d3618720ca7195f581f668eb669e13ad1dbd539f5bd6cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1090
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 27 KB
9 KB 116ms
100ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJZ7ZDM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
last-modified: Tue, 20 Oct 2020 22:19:32 GMT
x-msedge-ref: Ref A: 75772757C5EA4AC889B661D4D97D942B Ref B: FRAEDGE1517 Ref C: 2021-01-12T23:00:13Z
etag: "0b27f152fa7d61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8454

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 21ms
7ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJZ7ZDM
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 23:00:13 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=15483
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 55316wt066540.js Show response
tracker.marinsm.com/tracker/async/ 5 KB
2 KB 237ms
92ms Script
text/javascript 99.84.144.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracker.marinsm.com/tracker/async/55316wt066540.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TJZ7ZDM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.144.4 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-144-4.txl52.r.cloudfront.net
Software: /
Resource Hash: cb42e7757a6c0bbf6da57ebcdaa34f6baab5aa0588d07b448cc2af5257be4a79

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 05:23:37 GMT
content-encoding: gzip
age: 63396
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront)
cache-control: max-age=172800
x-amz-cf-pop: TXL52-C1
x-marintrackerversion: 3
x-amz-cf-id: FIqeSPOnZKJi6aQFgIwB7pbOrYe-ZXSkprZ2e9PtkTbXvHeAyvf5VA==
expires: Tue, 12 Jan 2021 05:26:29 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 90 KB
24 KB 19ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a8755954660f9bef43d2dc61d725f022a3115b81ae76a6af093ab18cfdfa5de7

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23366
x-fb-rlafr: 0
pragma: public
x-fb-debug: dbwwB7+NsmiiuLwIoywfJM1Gnsd72OWHTze3/6MY3jKJ+uGb31sZA+a/31sbcKa/CgMr+xVyfUNfSnIPQLi9tQ==
x-fb-trip-id: 1527350943
x-frame-options: DENY
date: Tue, 12 Jan 2021 23:00:13 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 7001790.js Show response
js.hs-analytics.net/analytics/1610492400000/ 60 KB
18 KB 165ms
149ms Script
text/javascript 2606:4700::6811:47b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1610492400000/7001790.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7001790.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:47b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf9b3dd14557f08a03eca5a43cf8cf8574c1d26db5f40a702b72155e2ab09aee

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: CE70BFBF66C74062
x-amz-server-side-encryption: AES256
cf-ray: 610a7e0fec54d705-FRA
x-amz-id-2: AKzg0jvprmoeM8t9ah+03coirAFPqiKaa0bCASQK0WpsX8t/K1CaI2Cx4d105U4DxcOf7ZrJURg=
last-modified: Mon, 14 Dec 2020 18:15:36 GMT
server: cloudflare
etag: W/"e2be30194fac1ae500fda0ac1cca321a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
cf-request-id: 079a6d1dee0000d7050238c000000001
content-type: text/javascript
expires: Tue, 12 Jan 2021 23:05:13 GMT

GET
H2 200 7001790.js Show response
js.hs-banner.com/ 54 KB
14 KB 67ms
46ms Script
text/javascript 2606:4700::6812:14bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/7001790.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7001790.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d5f2599036b1712e667cef385c06899b50d259f731531a12fe8b1e1789df860

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-goog-hash: crc32c=VybaVw==, md5=0CyTrYUpF6LRa9c5a1IRoQ==
date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-guploader-uploadid: ABg5-UyC7IHYS2pOAkiVhcexfXbNyPUh_F1x_NcK5fI5qtG5fpCbry8dArBSLrRQH7gzj5FLE9sIyWUT48O4CYJGV4c
x-goog-storage-class: STANDARD
access-control-max-age: 604800
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: text/javascript; charset=UTF-8
cf-request-id: 079a6d1df900003237da094000000001
timing-allow-origin: *
last-modified: Tue, 05 Jan 2021 19:23:56 GMT
server: cloudflare
etag: W/"d02c93ad852917a2d16bd7396b5211a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-goog-generation: 1609874636493396
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
x-goog-stored-content-length: 55568
cf-ray: 610a7e0fee123237-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Tue, 12 Jan 2021 23:05:13 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 79 KB
20 KB 54ms
34ms Script
application/javascript 2606:4700::6811:eecc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.usemessages.com/conversations-embed.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7001790.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:eecc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c4a8449812bdaa9eb7ad78d92bc5a7a8b9071a71e93c943168db33daa0b35b3

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
via: 1.1 fb41e17254dfd781519e95cedd257827.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 571
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-embed/static-1.8100/bundles/project.js&cfRay=610a701cbb7cc272-IAD
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 079a6d1df300000609a99c6000000001
last-modified: Mon, 11 Jan 2021 03:07:17 UTC
server: cloudflare
etag: W/"92086cc3e1c2a03230fa57be7e5a9883"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: B0kkCloaf1R6H4bItlrZbSQy4iYB_qIL
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-C3
cf-ray: 610a7e0fef1d0609-FRA
x-amz-cf-id: sg0HdDQ5wPqOn034vtdvHIif7UGIqrAOJFpun-G_f9KAZYs-81_Lxw==

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 87 KB
25 KB 49ms
29ms Script
application/javascript 2606:4700::6811:80ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/7001790.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:80ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad9e4318a5ffb02d153a7275ddc2a55a896e412e4c95e0cb48365b4c99501413

Request headers

Origin: https://www.graphus.ai
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
via: 1.1 4db130e87be66fce9731567ae0669c56.cloudfront.net (CloudFront)
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
age: 24302
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.206/bundles/project.js&cfRay=61082cbeda4cd70d-IAD
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
cf-request-id: 079a6d1df400000621ec221000000001
cf-ray: 610a7e0fec1a0621-FRA
last-modified: Wed, 18 Nov 2020 03:17:23 UTC
server: cloudflare
etag: W/"8009c15ab0ddd537e87c8961e3793907"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: vK9VzhfTTqVFyznSA1saY0pwTd8plNRY
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
x-amz-cf-pop: IAD89-C3
content-type: application/javascript; charset=utf-8
x-amz-cf-id: 3oseR_DR4zR-Kc39BKmzSM6tA27YpQNM02AYhywztbkWpU1nmmCaYg==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
88 B 31ms
29ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-92797871-1&cid=334689967.1610492413&jid=13486678&gjid=621722186&_gid=1129262312.1610492413&_u=aGBCgUAjCAAAAE~&z=300256104

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 12 Jan 2021 23:00:13 GMT
content-type: text/plain
access-control-allow-origin: https://www.graphus.ai
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
66 B 26ms
26ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=689824755&t=pageview&_s=1&dl=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&ul=en-us&de=UTF-8&dt=Clever%20Phishing%20Attacks%20using%20Microsoft%20Forms%20Detected%20by%20Graphus%20-%20Graphus&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=9347427.334689967.1610492413.1610492413.1610492413.1&_utmz=9347427.1610492413.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1610492413432&_u=aGDCAUAjCAAAAG~&jid=1279371209&gjid=1622997800&cid=334689967.1610492413&tid=UA-92797871-1&_gid=1129262312.1610492413&_r=1&gtm=2wgbu0TJZ7ZDM&z=265811094

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 23:00:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.graphus.ai
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
63 B 25ms
25ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=689824755&t=pageview&_s=1&dl=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&ul=en-us&de=UTF-8&dt=Clever%20Phishing%20Attacks%20using%20Microsoft%20Forms%20Detected%20by%20Graphus%20-%20Graphus&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=9347427.334689967.1610492413.1610492413.1610492413.1&_utmz=9347427.1610492413.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1610492413423&_u=aGBCgUAjC~&jid=13486678&gjid=621722186&cid=334689967.1610492413&tid=UA-92797871-1&_gid=1129262312.1610492413&z=1498225063

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 03:45:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 69254
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/946879156/ 42 B
154 B 23ms
18ms Image
image/gif 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/946879156/?random=1610492413377&cv=9&fst=1610492400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oabu0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&tiba=Clever%20Phishing%20Attacks%20using%20Microsoft%20Forms%20Detected%20by%20Graphus%20-%20Graphus&async=1&fmt=3&is_vtc=1&random=1322017255&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 23:00:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/946879156/ 42 B
154 B 24ms
20ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/946879156/?random=1610492413377&cv=9&fst=1610492400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oabu0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&tiba=Clever%20Phishing%20Attacks%20using%20Microsoft%20Forms%20Detected%20by%20Graphus%20-%20Graphus&async=1&fmt=3&is_vtc=1&random=1322017255&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 23:00:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
px.ads.linkedin.com/ 0
678 B 680ms
635ms Image
application/javascript 2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2731204&time=1610492413459&url=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:14 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: d3b3PFGeWRbQo05VxyoAAA==

GET
H2 200 716770535857542 Show response
connect.facebook.net/signals/config/ 241 KB
70 KB 57ms
57ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/716770535857542?v=2.9.32&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e61e0b80cd3767298e5322977fc9ed14c4799f72dcdaa98b9da15e715c1dae4b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: tR2TJNIZiZdz7AbdoMFh5lmA0edrLG0cOrQPChRutgAbG5RG7JgBasGoY/FdJQEvrsKMlGKQiPKtwaV4fdR86A==
x-fb-trip-id: 1527350943
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 12 Jan 2021 23:00:13 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-content-id: 962016497
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 16ms
15ms Image
image/gif 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-92797871-1&cid=334689967.1610492413&jid=13486678&_u=aGBCgUAjCAAAAE~&z=950234392

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 23:00:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 16ms
16ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-92797871-1&cid=334689967.1610492413&jid=13486678&_u=aGBCgUAjCAAAAE~&z=950234392

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 23:00:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
424 B 40ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-92797871-1&cid=334689967.1610492413&jid=1279371209&gjid=1622997800&_gid=1129262312.1610492413&_u=aGDCAUAjCAAAAG~&z=479652449

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 12 Jan 2021 23:00:13 GMT
content-type: text/plain
access-control-allow-origin: https://www.graphus.ai
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 126ms
110ms Other
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=7001790&conversations-embed=static-1.8100&mobile=false&messagesUtk=a2ebcb0225c44a7ba88667d798510ccc&traceId=a2ebcb0225c44a7ba88667d798510ccc

Protocol

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-hubspot-messages-uri
Origin: https://www.graphus.ai
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-type: text/plain; charset=utf-8
content-length: 18
x-trace: 2B811776875D34CFEC91DC82203DF19A75766B165D000000000000000000
allow: HEAD,GET,OPTIONS
vary: Accept-Encoding
access-control-allow-credentials: false
access-control-allow-origin: https://www.graphus.ai
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
cf-cache-status: DYNAMIC
cf-request-id: 079a6d1e54000005edcda17000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 610a7e108f3c05ed-FRA

GET
H2 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 3 KB
2 KB 210ms
210ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fbacad2354886b82e0df0234b9bf892c720805353e10510f352ecd070d6f557

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

X-HubSpot-Messages-Uri: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: DYNAMIC
content-length: 1417
cf-request-id: 079a6d1ec3000005ed9fb91000000001
server: cloudflare
x-trace: 2B1FBFBCBBBC9CBEA4B110F97455D135DDFCE1A108000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.graphus.ai
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
cf-ray: 610a7e11384e05ed-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 json Show response
forms.hubspot.com/collected-forms/v1/config/ 115 B
233 B 116ms
114ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/collected-forms/v1/config/json?portalId=7001790&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

801ad457ff9fe95e0eac0ba1303f3a12b0cd144482030d3d0a6b171e8fe106a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.graphus.ai
access-control-max-age: 180
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 610a7e108f4605ed-FRA
access-control-allow-headers: *
cf-request-id: 079a6d1e58000005edba82c000000001

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
483 B 39ms
24ms Image
image/gif 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-92797871-1&cid=334689967.1610492413&jid=1279371209&_u=aGDCAUAjCAAAAG~&z=40964093

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 23:00:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.de/ads/ 42 B
483 B 47ms
32ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-92797871-1&cid=334689967.1610492413&jid=1279371209&_u=aGDCAUAjCAAAAG~&z=40964093

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 23:00:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
148 B 98ms
98ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=25141456&Ver=2&mid=7fff6bf4-7163-458a-95db-348b70a6f6a4&sid=edbaca90552911eb86c64d81057cf857&vid=edbaf2f0552911eb9cdcbf427080fe69&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Clever%20Phishing%20Attacks%20using%20Microsoft%20Forms%20Detected%20by%20Graphus%20-%20Graphus&p=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&r=&lt=1217&evt=pageLoad&msclkid=N&sv=1&rn=863421
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 12 Jan 2021 23:00:13 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 6E8ACFC311684CA2851E87DCCC4B4511 Ref B: FRAEDGE1517 Ref C: 2021-01-12T23:00:13Z
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
408 B 19ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=716770535857542&ev=PageView&dl=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&rl=&if=false&ts=1610492413558&sw=1600&sh=1200&v=2.9.32&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1610492413556.1974861590&it=1610492413466&coo=false&rqm=GET

Requested by

Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:13 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Tue, 12 Jan 2021 23:00:13 GMT

GET
H2 200 tp
tracker.marinsm.com/ 36 B
467 B 75ms
75ms Image
image/gif 99.84.144.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tracker.marinsm.com/tp?act=1&cid=55316wt066540&tz=-1&ref=&page=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&uuid=FADF54FE-D1C3-43D6-9960-F68F18D838FC&rnd=325171488
Requested by: Host: www.graphus.ai
URL: https://www.graphus.ai/clever-phishing-attacks-using-microsoft-forms-detected-by-graphus/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.144.4 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-144-4.txl52.r.cloudfront.net
Software: /
Resource Hash: be4f754acf2dd33169add8976c1264f647470efdc993927040e23c4d310a835f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 23:00:13 GMT
via: 1.1 a3dc4a768d48247641f8ad7f08326d38.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
p3p: CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-cache
x-marintrackerversion: 3
content-length: 36
x-amz-cf-id: eUXxYONq_WEImAqK42-L2WRi4Z71QdvENa4-GCQ1k7IyBn7x1HhEkA==

GET
H2 200 a2ebcb0225c44a7ba88667d798510ccc
app.hubspot.com/conversations-visitor/7001790/threads/utk/ Frame 4AFC 0
0 138ms
123ms Document
text/html 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/7001790/threads/utk/a2ebcb0225c44a7ba88667d798510ccc?uuid=b3c8be8dcd8a41a39c002b89cc9ad82a&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=graphus.ai&inApp53=false&messagesUtk=a2ebcb0225c44a7ba88667d798510ccc&url=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: app.hubspot.com
:scheme: https
:path: /conversations-visitor/7001790/threads/utk/a2ebcb0225c44a7ba88667d798510ccc?uuid=b3c8be8dcd8a41a39c002b89cc9ad82a&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=graphus.ai&inApp53=false&messagesUtk=a2ebcb0225c44a7ba88667d798510ccc&url=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 23:00:14 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=dad54f0d70d78732232d2a1f4ce0726821610492413; expires=Thu, 11-Feb-21 23:00:13 GMT; path=/; domain=.hubspot.com; HttpOnly; SameSite=Lax
x-amz-replication-status: COMPLETED
last-modified: Mon, 11 Jan 2021 03:07:17 UTC
x-amz-server-side-encryption: AES256
x-amz-version-id: _LeBOKP64mZRNYul6syQsjR3RKnZrGGY
etag: W/"31b5db0185ce2e47d2bc07213fbc2d8c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 23c9ec01b6f4151f654547c0190aeebf.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD89-C3
x-amz-cf-id: DDbYejSge-Ebf7tuagVirs44NMjVzcY_rnLco_TKMsXXJQTns0M7JA==
age: 3474
access-control-allow-credentials: false
cache-control: max-age=600
x-hs-cache-status: MISS
cf-cache-status: DYNAMIC
cf-request-id: 079a6d1feb00002b35d3b56000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 610a7e131ebf2b35-FRA
content-encoding: br

POST
H2 200 /
www.facebook.com/tr/ 0
107 B 6ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCAkBoJ4wxtsErrJn

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Tue, 12 Jan 2021 23:00:14 GMT
content-type: text/plain
access-control-allow-origin: https://www.graphus.ai
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
316 B 24ms
23ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2978788718&v=1.1&a=7001790&rcu=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&pu=https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&t=Clever+Phishing+Attacks+using+Microsoft+Forms+Detected+by+Graphus+-+Graphus&cts=1610492414261&vi=5d7b7b23b7bb1bc06db691cada2a127f&nc=true&u=62118131.5d7b7b23b7bb1bc06db691cada2a127f.1610492414257.1610492414257.1610492414257.1&b=62118131.1.1610492414258

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-ray: 610a7e152a652b35-FRA
date: Tue, 12 Jan 2021 23:00:14 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI CUR ADM OUR NOR STA NID"
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
content-length: 45
cf-request-id: 079a6d213500002b35a29fc000000001
x-robots-tag: none

GET
H3-Q050 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
378 B 62ms
48ms Image
image/gif 2a00:1450:4001:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=957138143&utmhn=www.graphus.ai&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Clever%20Phishing%20Attacks%20using%20Microsoft%20Forms%20Detected%20by%20Graphus%20-%20Graphus&utmhid=689824755&utmr=-&utmp=%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F&utmht=1610492414268&utmac=_your_tracking_code_here_&utmcc=__utma%3D9347427.334689967.1610492413.1610492413.1610492413.1%3B%2B__utmz%3D9347427.1610492413.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1039499325&utmredir=1&utmmt=1&utmu=jAAAAAAAAAAAAAAAAAABgAAE~

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 23:00:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

97 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.graphus.ai/	1970-01-19 15:21:34	Name: __hssc Value: 62118131.1.1610492414258
.graphus.ai/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.graphus.ai/	1970-01-20 00:43:08	Name: hubspotutk Value: 5d7b7b23b7bb1bc06db691cada2a127f
.graphus.ai/	1970-01-20 00:43:08	Name: __hstc Value: 62118131.5d7b7b23b7bb1bc06db691cada2a127f.1610492414257.1610492414257.1610492414257.1
.graphus.ai/	1970-01-20 00:07:08	Name: _msuuid_55316wt066540 Value: FADF54FE-D1C3-43D6-9960-F68F18D838FC
www.graphus.ai/	1969-12-31 23:59:59	Name: pc_calltracker_type Value:
.graphus.ai/	1970-01-19 17:31:08	Name: _fbp Value: fb.1.1610492413556.1974861590
www.graphus.ai/	1969-12-31 23:59:59	Name: pc_swap_target_number Value:
.graphus.ai/	1970-01-20 08:52:44	Name: __utma Value: 9347427.334689967.1610492413.1610492413.1610492413.1
.graphus.ai/	1970-01-19 15:21:32	Name: _gat_UA-92797871-1 Value: 1
.graphus.ai/	1970-01-19 15:22:58	Name: _uetsid Value: edbaca90552911eb86c64d81057cf857
.graphus.ai/	1970-01-19 15:21:32	Name: _gat Value: 1
.graphus.ai/	1970-01-19 17:31:08	Name: _gcl_au Value: 1.1.243433589.1610492413
.graphus.ai/	1970-01-19 19:44:20	Name: __utmz Value: 9347427.1610492413.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
www.graphus.ai/	1970-01-19 23:59:56	Name: pc_r Value:
.graphus.ai/	1969-12-31 23:59:59	Name: __utmc Value: 9347427
.graphus.ai/	1970-01-19 15:22:58	Name: _gid Value: GA1.2.1129262312.1610492413
www.graphus.ai/	1969-12-31 23:59:59	Name: pc_replace_number Value:
.graphus.ai/	1970-01-20 08:52:44	Name: _ga Value: GA1.2.334689967.1610492413
.graphus.ai/	1970-01-19 15:21:34	Name: __utmb Value: 9347427.0.10.1610492413
.graphus.ai/	1970-01-19 15:44:56	Name: _uetvid Value: edbaf2f0552911eb9cdcbf427080fe69
.graphus.ai/	1970-01-19 16:04:44	Name: __cfduid Value: d5b50a9aeab59450745ed0e6dc79d3c2c1610492412
www.graphus.ai/	1970-01-19 23:59:56	Name: pc_lp Value: https%3A%2F%2Fwww.graphus.ai%2Fclever-phishing-attacks-using-microsoft-forms-detected-by-graphus%2F
www.graphus.ai/	1970-01-20 00:07:08	Name: pc_uuid Value: efb4a487d9d65bd4abd39aea31d452d5
www.graphus.ai/	1970-01-23 06:57:32	Name: mtsnb_lastvisit_posts Value: %5B6683%2C2%5D
www.graphus.ai/	1970-01-23 06:57:32	Name: mtsnb_lastvisited Value: 1610471261
www.graphus.ai/	1969-12-31 23:59:59	Name: pc_sr Value:

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: https://mk0graphus6hi9e9iec2.kinstacdn.com/wp-content/plugins/pronto-sidebar-navigation/js/jquery.flexnav.js?ver=4.0(Line 4) Message: 1600

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubspot.com
app.hubspot.com
app.prontomarketing.com
bat.bing.com
cdnjs.cloudflare.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
googleads.g.doubleclick.net
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hscollectedforms.net
js.usemessages.com
mk0graphus6hi9e9iec2.kinstacdn.com
px.ads.linkedin.com
snap.licdn.com
ssl.google-analytics.com
stats.g.doubleclick.net
track.hubspot.com
tracker.marinsm.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.graphus.ai
142.250.74.194
2606:4700:20::681a:625
2606:4700:20::ac43:47f2
2606:4700::6810:125e
2606:4700::6811:47b0
2606:4700::6811:80ab
2606:4700::6811:d4cc
2606:4700::6811:eecc
2606:4700::6812:14bf
2606:4700::6813:9b53
2620:1ec:c11::200
2a00:1450:4001:800::2003
2a00:1450:4001:800::2004
2a00:1450:4001:808::2008
2a00:1450:4001:808::200e
2a00:1450:4001:809::2002
2a00:1450:4001:818::2003
2a00:1450:4001:81d::2008
2a00:1450:4001:821::200a
2a00:1450:400c:c0c::9b
2a02:26f0:6c00:28c::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:11:101::b93f:9005
2a0b:4d07:101::1
99.84.144.4
0958ba35b21b26b485d3618720ca7195f581f668eb669e13ad1dbd539f5bd6cc
0c103ae844c36c58f5947f4ffac0ef3edf1d447d0650fe33437071d3e13645ca
0c4a8449812bdaa9eb7ad78d92bc5a7a8b9071a71e93c943168db33daa0b35b3
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
120aaf6681ca6d34a40c559779f0a0038582a79fce1b868ff901c94d27c89c72
124464c13e32b959d11d242e255edc0b27a09e164395fa248811770b44b0109c
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1603064e2edd4b76a3a5a0e970b1b756000cfe0937c320cb6f223a08b43df0b2
1cbda21998b65e08a7e936114cabd7f7783d0f590dd6efdd58c7faa8b6e7b9aa
1cd4b18f8fddf16ca9c669a335248863f3d8c07cedcce7a01d9ca2002a10d2e9
1f188c3017f993444dc8c267139cd5dd9466e29b181ace0f310933aa9c704851
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2d8747d26eba68a46f768d99eebf4b4624a37b2a3bd83d4a6934939e62846972
2dc22200f64ece18c1413668318154e28f312752a9fcf9d989b8bfccf95632d0
2dc92af1aaaf0954db15cf0efbaaf2666836b12eaa76463a12bc05b9a3933eca
2fbacad2354886b82e0df0234b9bf892c720805353e10510f352ecd070d6f557
36ad0edaf88cb19e7cbdae22470c1f124f02fd5673bf6144c0a7a9f0a8fef987
36d80c738c6cd18bac18bf802dc6e377bdce7e53bdcf8c480dfb2479a99e298a
3e799d21e1116a135fcd10c071506f34b99cf79d93b5548199e1376f88b62434
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4c6d5ac4c77a0cd4dcae820b87afd1ee0b18a72bf0dd8f7de168fd307ac47041
4d5f2599036b1712e667cef385c06899b50d259f731531a12fe8b1e1789df860
4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515
50de09b0bb8d0ac656aa9b3a1e4ef58a3f2d1abd734cad68b0e12191e9d215ea
5302d7ef47b197c6cc07e5db5152dcce3b6886ac18f727875fe78ba8e8129224
54d21b0676784d0c983bbd4093898770adefa932d89b72c8afd88183a19172a7
57d7a5b4baf5112c85fd5be59369f9a0158e727e679c726158095abaea3b11b8
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
636018f811bfbce8cab219d03ac80cfa82ef88786f61c66057c4288923a8957f
63d934bcb48d56ec401df6f62c0c5d65143b9498156c568d69a9641faf319feb
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
78b7e339a157dcfd478816c0b11e30b622716c383308390e49b9882c011881ab
7a5417e5f6ca399b82350e9af08a68bf070facbad05754a61728b5eef22bb513
7e74fb04398bed2d71dfcaa2b82bd3a80de47030039ed913b979fcb854279f43
801ad457ff9fe95e0eac0ba1303f3a12b0cd144482030d3d0a6b171e8fe106a2
80cf7fc74cf2cb9eab4f78fef7ed7cd7d4370c66b6129ffbd8f2c6ca66e5b6e8
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8511276a27014cf836b9ebaecd1e2ac49619482c9bcc3d0a080b56e64133348a
865621ac5f128903e5ff1561805a16ce4fd20938f62a4a6807876f78a6f0b92d
8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
96d33f532112177ede6bf262dcf6d0140dbe29f05a4595d17b0be4743205b5ea
a257396a255bd839a4cbf9880aba23a6180107c2d1ca34c88a6aa22666bc86f5
a5307da44321773c9f46b34d756dcbd6cd427238e5cbad91cd2cf151513ec283
a7b2e1537b7079e60fb9dfcdbd61c6310175a945014fa282c532a113c7cc5451
a8755954660f9bef43d2dc61d725f022a3115b81ae76a6af093ab18cfdfa5de7
a9261574e7afe310f6aad5c96c0fddd7a080e71839332d620348e98d0badcc14
ad9e4318a5ffb02d153a7275ddc2a55a896e412e4c95e0cb48365b4c99501413
b2724c5c9101f3ff26dae3f9dbcdd60b4ceb05a96c42b4c2e1f44d41646655a2
b2b9451a76a7231691850ca82d6d0f0b20bfc29bd268af6acf6a4d34891c6dac
b4a712748e001f973330b7a2f0087e68251839a5fb9160de94b48ce5102f9425
b55616e4eada60d4e94a044efa03f45c3550056a0e93a55a993b0b85a7e7689b
b8e149178358873942c6a434f9ae62dd952769a87c2abdf7e659c129acd398fd
bbe3bd0cb79c46e8c538921ca15b8ed864fb7a269e8378347e34f2af3b23cdf7
bc1f1d4f5acdfb2810a3f9f9a59e5e4c61949be5d662010cafa0569d256a4ba5
bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d
be4f754acf2dd33169add8976c1264f647470efdc993927040e23c4d310a835f
bed0bd033705c33f1742d8fab2bfed8e945567319fd00e529838392eca49eac0
c054e7179817217fc8dc7d9812897b840a016435ff2d1f9fab86c8e50c20054b
c9b302155b6a82a3f166cf2e7f045a04d4fec13444ce93186fcbc72917a6e0cc
cb42e7757a6c0bbf6da57ebcdaa34f6baab5aa0588d07b448cc2af5257be4a79
cdc21e1d1c0a67812e193214ac25750e86d3e7d203ceece71cad72c0be2ca40c
cf9b3dd14557f08a03eca5a43cf8cf8574c1d26db5f40a702b72155e2ab09aee
da3b53cad6493e4bc3ebc4119f4ac0aaa836719a62badf32047a78efb5a794b0
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcc909dfd149ca19089d4203f5c47525c05a218e19e84dcb706db7059b7f4755
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0c3673eabdeb4f3b582d8b63b9743a1e8cac6525a1c1be066c863eb616b559c
e0cf6df0a8d235ad3220663bab035da5a790b064df4bfed4a36db73c383f354b
e1ec254792b6fe5cb168d2ce9cb1e35d15311d3b357b305a95cbfb12552477d0
e290fbd155b3f770ccd65e55e4fb0fc73ec3c7a4e393829ccd8ad0062a9ca280
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e42a7af0f19adf1cf7d67e8fbecad6713ec9cde539f7dc5d134544366679e521
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e61e0b80cd3767298e5322977fc9ed14c4799f72dcdaa98b9da15e715c1dae4b
e9ca5fddaf78fad286d8d0c756897ec0ef451c412f43041761372a3d72a2b82d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f430b2a77635a22fa47e90dbcfffb6e2bd754c387bfb4fd4ea1e2b65729678cc
f49cf987c70df95fda53db7399991e76854f8c5364a61d1b4532073ac60390da
f8bd598e9a7cb4a743d02b5106fff15bfb2a83a15ddf612b6e7345ac78ba88ef
fce0bd114c6868f5f6f9bbbba133543eae9fb06b3e30079a66234ebf5c1c1ca1

www.graphus.ai Open in urlscan Pro 2606:4700:20::ac43:47f2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

93 Requests

100 %HTTPS

92 %IPv6

24 Domains

29 Subdomains

26 IPs

6 Countries

1175 kBTransfer

2654 kBSize

27 Cookies

6 Outgoing links

Redirected requests

93 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.graphus.ai Open in urlscan Pro
2606:4700:20::ac43:47f2 Public Scan

Screenshot
Live screenshot

Full Image

93
Requests

100 %
HTTPS

92 %
IPv6

24
Domains

29
Subdomains

26
IPs

6
Countries

1175 kB
Transfer

2654 kB
Size

27
Cookies

93 HTTP transactions
0 data transactions