threatvector.cylance.com Open in urlscan Pro
35.163.241.233 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Submission: On July 22 via api (July 22nd 2020, 7:59:45 pm UTC) from US

Summary HTTP 108 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 40 IPs in 8 countries across 40 domains to perform 108 HTTP transactions. The main IP is 35.163.241.233, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is threatvector.cylance.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on June 12th 2019. Valid for: a year.

This is the only time threatvector.cylance.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	35.163.241.233 35.163.241.233	16509 (AMAZON-02) (AMAZON-02)
11	2a02:26f0:6c0... 2a02:26f0:6c00:28e::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:81f::200a	15169 (GOOGLE) (GOOGLE)
1	104.16.93.80 104.16.93.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.139.237.11 151.139.237.11	33438 (HIGHWINDS2) (HIGHWINDS2)
9	2a02:26f0:6c0... 2a02:26f0:6c00:284::9b6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a00:1450:400... 2a00:1450:4001:824::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE)
2	34.240.64.134 34.240.64.134	16509 (AMAZON-02) (AMAZON-02)
1 2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	68.232.35.12 68.232.35.12	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:814::200e	15169 (GOOGLE) (GOOGLE)
1	3.248.37.251 3.248.37.251	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:81d::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:296::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 3	172.217.16.162 172.217.16.162	15169 (GOOGLE) (GOOGLE)
1	143.204.202.73 143.204.202.73	16509 (AMAZON-02) (AMAZON-02)
1	15.236.175.233 15.236.175.233	16509 (AMAZON-02) (AMAZON-02)
1 3	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:814::2002	15169 (GOOGLE) (GOOGLE)
1	143.204.202.63 143.204.202.63	16509 (AMAZON-02) (AMAZON-02)
2 2	52.212.22.61 52.212.22.61	16509 (AMAZON-02) (AMAZON-02)
1 2	143.204.202.106 143.204.202.106	16509 (AMAZON-02) (AMAZON-02)
1 6	2.18.233.40 2.18.233.40	16625 (AKAMAI-AS) (AKAMAI-AS)
15 18	63.32.63.32 63.32.63.32	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2 2	52.59.138.183 52.59.138.183	16509 (AMAZON-02) (AMAZON-02)
1 2	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1 2	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	64.202.112.127 64.202.112.127	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2a00:1288:f03... 2a00:1288:f03d:1fa::4000	10310 (YAHOO-1) (YAHOO-1)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1 2	52.29.22.19 52.29.22.19	16509 (AMAZON-02) (AMAZON-02)
1 2	18.196.197.177 18.196.197.177	16509 (AMAZON-02) (AMAZON-02)
1 2	185.33.221.15 185.33.221.15	29990 (ASN-APPNEX) (ASN-APPNEX)
1	35.244.245.222 35.244.245.222	15169 (GOOGLE) (GOOGLE)
1 2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
108	40

29 35.163.241.233 (Boardman, United States)

ASN16509 (AMAZON-02, US)

threatvector.cylance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:26f0:6c00:28e::1e80 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.93.80 (United States)

ASN13335 (CLOUDFLARENET, US)

app-sj16.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.237.11 (Dallas, United States)

ASN33438 (HIGHWINDS2, US)

cdn.rawgit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:26f0:6c00:284::9b6 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

s7d2.scene7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:824::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.240.64.134 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.232.35.12 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.248.37.251 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

cylance.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81d::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:296::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.16.162 (United States) 1 redirects

ASN15169 (GOOGLE, US)

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.202.73 (Seattle, United States)

ASN16509 (AMAZON-02, US)

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.236.175.233 (Paris, France)

ASN16509 (AMAZON-02, US)

cylance.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.202.63 (Seattle, United States)

ASN16509 (AMAZON-02, US)

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.22.61 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.202.106 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.18.233.40 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 63.32.63.32 (Dublin, Ireland) 15 redirects

ASN16509 (AMAZON-02, US)

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.59.138.183 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.56.137 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.234.21 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.127 (United States) 1 redirects

ASN22075 (AS-OUTBRAIN, US)

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:f03d:1fa::4000 (United Kingdom)

ASN10310 (YAHOO-1, US)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.22.19 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.197.177 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.15 (Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.245.222 (Mountain View, United States)

ASN15169 (GOOGLE, US)

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (United States) 1 redirects

ASN15169 (GOOGLE, US)

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	cylance.com threatvector.cylance.com	500 KB
23	adroll.com 15 redirects s.adroll.com d.adroll.com	30 KB
11	adobedtm.com assets.adobedtm.com	65 KB
9	scene7.com s7d2.scene7.com	991 KB
4	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
4	doubleclick.net 2 redirects stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	3 KB
4	bizible.com cdn.bizible.com	35 KB
4	gstatic.com fonts.gstatic.com	49 KB
3	yahoo.com 1 redirects ups.analytics.yahoo.com ads.yahoo.com	2 KB
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	google.de www.google.de	320 B
3	google.com 1 redirects www.google.com	617 B
3	demdex.net dpm.demdex.net cylance.demdex.net	2 KB
2	openx.net 1 redirects us-u.openx.net	480 B
2	adnxs.com 1 redirects ib.adnxs.com	2 KB
2	bidswitch.net 1 redirects x.bidswitch.net	1008 B
2	3lift.com 1 redirects eb2.3lift.com	737 B
2	outbrain.com 1 redirects sync.outbrain.com	831 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	advertising.com 2 redirects pixel.advertising.com	816 B
2	facebook.net connect.facebook.net	167 KB
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	googleadservices.com www.googleadservices.com	23 KB
2	bing.com bat.bing.com	8 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	rawgit.com cdn.rawgit.com	5 KB
1	facebook.com www.facebook.com	378 B
1	rlcdn.com idsync.rlcdn.com	42 B
1	taboola.com sync.taboola.com	216 B
1	pubmatic.com simage2.pubmatic.com	1010 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	136 B
1	omtrdc.net cylance.sc.omtrdc.net	396 B
1	demandbase.com tag.demandbase.com	15 KB
1	licdn.com snap.licdn.com	2 KB
1	everesttech.net 1 redirects cm.everesttech.net	554 B
1	ytimg.com s.ytimg.com	31 KB
1	youtube.com www.youtube.com	920 B
1	marketo.com app-sj16.marketo.com	68 KB
1	googleapis.com fonts.googleapis.com	630 B
108	40

	Domain	Requested by
29	threatvector.cylance.com	threatvector.cylance.com
17	d.adroll.com	14 redirects threatvector.cylance.com
11	assets.adobedtm.com	threatvector.cylance.com
9	s7d2.scene7.com	threatvector.cylance.com
6	s.adroll.com	1 redirects threatvector.cylance.com
4	cdn.bizible.com	threatvector.cylance.com cdn.bizible.com
4	fonts.gstatic.com	app-sj16.marketo.com threatvector.cylance.com
3	px.ads.linkedin.com	1 redirects threatvector.cylance.com
3	www.google.de	threatvector.cylance.com
3	www.google.com	1 redirects threatvector.cylance.com
2	us-u.openx.net	1 redirects
2	ib.adnxs.com	1 redirects
2	x.bidswitch.net	1 redirects
2	eb2.3lift.com	1 redirects
2	sync.outbrain.com	1 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	ups.analytics.yahoo.com	1 redirects
2	pixel.advertising.com	2 redirects
2	connect.facebook.net	s.adroll.com connect.facebook.net
2	segments.company-target.com	1 redirects threatvector.cylance.com
2	match.prod.bidr.io	2 redirects
2	googleads.g.doubleclick.net	threatvector.cylance.com
2	www.googleadservices.com	threatvector.cylance.com assets.adobedtm.com
2	bat.bing.com	threatvector.cylance.com
2	www.google-analytics.com	1 redirects threatvector.cylance.com
2	dpm.demdex.net	threatvector.cylance.com
2	cdn.rawgit.com	threatvector.cylance.com
1	www.facebook.com
1	cm.g.doubleclick.net	1 redirects
1	idsync.rlcdn.com
1	sync.taboola.com
1	ads.yahoo.com
1	simage2.pubmatic.com
1	pixel.rubiconproject.com
1	d.adroll.mgr.consensu.org	1 redirects
1	api.company-target.com	threatvector.cylance.com
1	www.linkedin.com	1 redirects
1	cylance.sc.omtrdc.net	threatvector.cylance.com
1	tag.demandbase.com	threatvector.cylance.com
1	snap.licdn.com	threatvector.cylance.com
1	stats.g.doubleclick.net	1 redirects
1	cm.everesttech.net	1 redirects
1	cylance.demdex.net	threatvector.cylance.com
1	s.ytimg.com	www.youtube.com
1	www.youtube.com	threatvector.cylance.com
1	app-sj16.marketo.com	threatvector.cylance.com
1	fonts.googleapis.com	threatvector.cylance.com
108	47

This site contains links to these domains. Also see Links.

Domain
www.cylance.com
www.alex-ionescu.com
securelist.com
cylance.com
attack.mitre.org
shop.cylance.com

Subject Issuer	Validity	Valid
*.cylance.com DigiCert SHA2 Secure Server CA	`2019-06-12` - `2020-09-18`	a year	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2019-10-22` - `2021-10-01`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-06-30` - `2020-09-22`	3 months	crt.sh
app-sj16.marketo.com Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
rawgit.com Sectigo RSA Domain Validation Secure Server CA	`2020-01-03` - `2022-01-12`	2 years	crt.sh
*.scene7.com DigiCert SHA2 Secure Server CA	`2020-01-02` - `2021-04-02`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2020-06-30` - `2020-09-22`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-06-30` - `2020-09-22`	3 months	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-06-30` - `2020-09-22`	3 months	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
io.bizible.com DigiCert SHA2 Secure Server CA	`2020-05-20` - `2022-02-18`	2 years	crt.sh
www.google.de GTS CA 1O1	`2020-06-30` - `2020-09-22`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-06-30` - `2020-09-22`	3 months	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
*.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2020-02-28` - `2022-03-04`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-03-04` - `2020-09-04`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-06-30` - `2020-09-22`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-06-30` - `2020-09-22`	3 months	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2019-11-06` - `2020-12-06`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-05-14` - `2020-08-05`	3 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-05-27` - `2020-11-23`	6 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2019-10-29` - `2021-11-23`	2 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-07-14` - `2020-08-28`	a month	crt.sh
*.taboola.com DigiCert ECC Secure Server CA	`2019-09-03` - `2020-09-10`	a year	crt.sh
*.3lift.com Amazon	`2020-07-04` - `2021-08-05`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Frame ID: E23AB6EA13AE862FB242D9322A2265C4
Requests: 107 HTTP requests in this frame

Frame: https://cylance.demdex.net/dest5.html?d_nsid=0
Frame ID: 85DAFD27DBCC8FC885DDF954D4B16220
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

script /\/etc.clientlibs\//i

Java (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

script /\/etc.clientlibs\//i

ZURB Foundation (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+foundation[^>"]+css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i

Adobe DTM (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

script /\/\/assets.adobedtm.com\//i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

108
Requests

100 %
HTTPS

40 %
IPv6

40
Domains

47
Subdomains

40
IPs

8
Countries

2014 kB
Transfer

4456 kB
Size

2
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cylance.com/en-us/company/about-us/privacy-notice.html
Title: Read More

Search URL Search Domain Scan URL

URL: https://www.cylance.com/
Title: Cylance.com

Search URL Search Domain Scan URL

URL: http://www.alex-ionescu.com/?p=300
Title: Heaven's Gate

Search URL Search Domain Scan URL

URL: https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/
Title: Kaspersky

Search URL Search Domain Scan URL

URL: http://cylance.com/en-us/platform/products/index.html
Title: BlackBerry Cylance

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1190/
Title: T1190

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1133/
Title: T1133

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1199/
Title: T1199

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059/
Title: T1059

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1106/
Title: T1106

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1068/
Title: T1068

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1089/
Title: T1089

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1486/
Title: T1486

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1490/
Title: T1490

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/about-us/index.html
Title: Who We Are

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/resources/knowledge-center/index.html
Title: Resource Center

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/news-and-press/news.html
Title: Cylance News

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/news-and-press/press-releases.html
Title: Press Releases

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/about-us/terms-of-service.html
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/platform/products/index.html
Title: CylancePROTECT

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en_us/products/our-products/optics.html
Title: CylanceOPTICS

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/platform/products/cylance-threatzero.html
Title: Cylance ThreatZERO

Search URL Search Domain Scan URL

URL: https://shop.cylance.com/us
Title: Cylance Smart Antivirus

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en_us/services/left-structure-nav/overview/consulting.html
Title: Consulting Overview

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/solutions/industry/index.html
Title: Industry Overview

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 61

https://cm.everesttech.net/cm/dd?d_uuid=87173286149486182461616607691404894725 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XxiangAABBRsChTJ

Request Chain 62

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=1315268701&t=pageview&_s=1&dl=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&ul=en-us&de=UTF-8&dt=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAAB~&jid=1083468922&gjid=1950144757&cid=1473632810.1595447967&tid=UA-33464378-1&_gid=927872649.1595447967&_r=1&z=2055374406 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-33464378-1&cid=1473632810.1595447967&jid=1083468922&_gid=927872649.1595447967&gjid=1950144757&_v=j83&z=2055374406 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1473632810.1595447967&jid=1083468922&_v=j83&z=2055374406 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1473632810.1595447967&jid=1083468922&_v=j83&z=2055374406&slf_rd=1&random=420003200

Request Chain 70

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&time=1595447967173 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D37262%26url%3Dhttps%253A%252F%252Fthreatvector.cylance.com%252Fen_us%252Fhome%252Fthreat-spotlight-sodinokibi-ransomware.html%26time%3D1595447967173%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&time=1595447967173&liSync=true

Request Chain 77

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AAFLRk6-MTUAABIo6VN3QQ HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAFLRk6-MTUAABIo6VN3QQ&verifyHash=e72b2d0ffae325ed85330d14782b14fb2b8a4655

Request Chain 84

https://s.adroll.com/j/exp/OU3SUNRJWBHPTCY5X23OHE/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 86

https://d.adroll.mgr.consensu.org/consent/iabcheck/OU3SUNRJWBHPTCY5X23OHE?_s=2a56535616a6e6247343721422518788&_b=2 HTTP 302
https://d.adroll.com/consent/check/OU3SUNRJWBHPTCY5X23OHE/?_s=2a56535616a6e6247343721422518788&_b=2

Request Chain 87

https://d.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xid_ch=f&pv=61836412271.367935&cookie=&adroll_s_ref=&keyw= HTTP 302
https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/BMNOXKZHPFHPDK7ZYEXFSC.js

Request Chain 92

https://d.adroll.com/cm/aol/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPd9dee043-cc55-11ea-86c5-020ec7d3b836 HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPd9dee043-cc55-11ea-86c5-020ec7d3b836&verify=true

Request Chain 93

https://d.adroll.com/cm/index/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&expiration=1626983968 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&expiration=1626983968&C=1

Request Chain 94

https://d.adroll.com/cm/n/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&expires=365

Request Chain 95

https://d.adroll.com/cm/outbrain/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&rdrctExp=true

Request Chain 96

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 97

https://d.adroll.com/cm/r/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 98

https://d.adroll.com/cm/taboola/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA

Request Chain 99

https://d.adroll.com/cm/triplelift/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

Request Chain 100

https://d.adroll.com/cm/b/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA

Request Chain 101

https://d.adroll.com/cm/x/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DNGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA

Request Chain 102

https://d.adroll.com/cm/l/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=4b1fe043a6b684b43dc849f6d3c6a510

Request Chain 103

https://d.adroll.com/cm/o/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=4b1fe043a6b684b43dc849f6d3c6a510 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=4b1fe043a6b684b43dc849f6d3c6a510

Request Chain 104

https://d.adroll.com/cm/g/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE&google_nid=adroll5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=Sx_gQ6a2hLQ9yEn208alEA HTTP 302
https://d.adroll.com/cm/g/in

108 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set threat-spotlight-sodinokibi-ransomware.html Show response
threatvector.cylance.com/en_us/home/ 118 KB
26 KB 928ms
331ms Document
text/html 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

e2e2b7071127028e806a86de11b427db630bfa4be49f0d36e14265f1089e1ea6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: threatvector.cylance.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Accept-Ranges: bytes
Cache-control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Type: text/html;charset=utf-8
Date: Wed, 22 Jul 2020 19:59:25 GMT
ETag: "1d73f-5aa965b789a00-gzip"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Last-Modified: Thu, 16 Jul 2020 22:14:00 GMT
Referrer-Policy: no-referrer-when-downgrade
Server: Apache
Set-Cookie: AWSELB=4D0BDD9F0A163D48ECFEF400CB706ACF82CD0195C8103937592FB679C084F1DB4FBF9937A7A65005DB13B5CC961C67EC4A82E113711D6D70A536F9B759B0F5D706ABCD580A;PATH=/;MAX-AGE=900 AWSELBCORS=4D0BDD9F0A163D48ECFEF400CB706ACF82CD0195C8103937592FB679C084F1DB4FBF9937A7A65005DB13B5CC961C67EC4A82E113711D6D70A536F9B759B0F5D706ABCD580A;PATH=/;MAX-AGE=900;SECURE;SAMESITE=None
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 25747
Connection: keep-alive

GET
H/1.1 200
OK main.c111e1c7ce3f8444493d965a44cf071c.css
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 11 KB
3 KB 176ms
172ms Stylesheet
text/css 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/main.c111e1c7ce3f8444493d965a44cf071c.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

2736121756999c7c39ac6cfe2841c148d2191a686028bc3fc63f825479888676

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "2cd8-5aa9617c29e00-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 2384
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:04 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:25 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK jquery.5e8d3382f82b03b0bf3fea3024eecd61.js Show response
threatvector.cylance.com/etc.clientlibs/clientlibs/granite/ 288 KB
87 KB 686ms
341ms Script
application/javascript 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery.5e8d3382f82b03b0bf3fea3024eecd61.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

45e2f85e3aab6c36988703f5cc06444289bb795a25736b74975073c98de18498

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "47f04-5aa9617d1e040-gzip"
transfer-encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:25 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK utils.7d1c4e1c54f4b3bce718f5d6a06ffd06.js Show response
threatvector.cylance.com/etc.clientlibs/clientlibs/granite/ 47 KB
11 KB 536ms
189ms Script
application/javascript 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/utils.7d1c4e1c54f4b3bce718f5d6a06ffd06.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

446cb2c77c2807618caf4de745e133e0893780c448f2ce8b1b0266f08f9dfc83

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "bccf-5aa9617d1e040-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 10636
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:25 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK granite.ed0d934d509c9dab702088c125c92b4f.js Show response
threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/ 10 KB
4 KB 523ms
175ms Script
application/javascript 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

fe7b1fa106b52fd3b7a72421171503eee8ec0c911d495be3ce168f76ed7cc8b1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "28d6-5aa9617d1e040-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 2974
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:25 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK jquery.d7602973233c4c7f80959aa5a7f2f4af.js Show response
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 456 B
1 KB 524ms
171ms Script
application/javascript 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/jquery.d7602973233c4c7f80959aa5a7f2f4af.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

6eb49924917abab026f80173e564b79d6e1b49b33b88052523ea8d1c6572f6a9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "1c8-5aa9617d1e040-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 311
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:25 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK shared.d39a59051372bc8334750c33de87aac3.js Show response
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 95 KB
19 KB 850ms
336ms Script
application/javascript 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/shared.d39a59051372bc8334750c33de87aac3.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

b0f9adcfbbaf661b0ebbbc74099ccd3622917c4d7fff95d57b7c1993564ffe5f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "17d62-5aa9617d1e040-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 18506
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:25 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK main.a6faafbeed24f5d40aaf367c778753ab.js Show response
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 22 KB
7 KB 699ms
175ms Script
application/javascript 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/main.a6faafbeed24f5d40aaf367c778753ab.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

6168b6a855d7e1160dfe320457f3a95adaf92305b27952b6f8eb22d48751d1b7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "56fe-5aa9617d1e040-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 6237
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:25 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK cylance-blogs.css
threatvector.cylance.com/etc/designs/ 0
780 B 351ms
176ms Stylesheet
text/css 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/designs/cylance-blogs.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Oct 2017 04:24:09 GMT
Server: Apache
Date: Wed, 22 Jul 2020 19:59:25 GMT
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Vary: User-Agent
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK main.d6fc6f0b35c968dde40b02af38f21447.css
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 154 KB
26 KB 721ms
382ms Stylesheet
text/css 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

ce11c18967ab30115878af2f6c6dc88fce05dbda48df9cea5a7abf9fb311ef5f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "2685c-5aa9617d1e040-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 25287
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:25 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK dependencies.d41d8cd98f00b204e9800998ecf8427e.css
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 0
798 B 513ms
171ms Stylesheet
text/css 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/dependencies.d41d8cd98f00b204e9800998ecf8427e.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
ETag: "0-5aa9617d1e040"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 0
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:25 GMT
Vary: User-Agent
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H2 200 launch-EN9a198e584a4641e5a638d027ddddb3cf.min.js Show response
assets.adobedtm.com/ 149 KB
46 KB 23ms
6ms Script
application/x-javascript 2a02:26f0:6c00:28e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN9a198e584a4641e5a638d027ddddb3cf.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28e::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 7fbbeba68616ec3cd21955086a765a1c74d81b3f2772babba4f8f9719adb2d5c

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: AkamaiNetStorage
etag: "5aebb26c4d05b067a5277a6a715dfbac:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 46918
expires: Wed, 22 Jul 2020 20:59:26 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
630 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:81f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e85d93603219c7af97e29b183b6f22d04991b9b01c4a79ae824e62ea7aa809b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 22 Jul 2020 19:59:25 GMT
server: ESF
date: Wed, 22 Jul 2020 19:59:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 22 Jul 2020 19:59:25 GMT

GET
H2 200 forms2.min.js Show response
app-sj16.marketo.com/js/forms2/js/ 203 KB
68 KB 232ms
32ms Script
application/x-javascript 104.16.93.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj16.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.93.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

30b92b1d67692c95ef6d322b21cb9e0c2f7d5a4c68c05b4e3e3e87489ec41309

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2585
status: 200
cf-request-id: 0419b50f6e0000fa58bc8e8200000001
last-modified: Sat, 06 Jun 2020 07:00:52 GMT
server: cloudflare
etag: "14e0f36-32dcc-5a764f037b527"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 5b6fbdf8beacfa58-AMS
expires: Wed, 22 Jul 2020 23:59:25 GMT

GET
H2 200 featherlight.min.css
cdn.rawgit.com/noelboss/featherlight/1.7.9/release/ 2 KB
1 KB 61ms
19ms Stylesheet
text/css 151.139.237.11
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.rawgit.com/noelboss/featherlight/1.7.9/release/featherlight.min.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.139.237.11 Dallas, United States, ASN33438 (HIGHWINDS2, US),

Reverse DNS

Software

NetDNA-cache/2.2 /

Resource Hash

96904bcac47ca5d98b664970580ea473e1e6a6b285c87e8cb3caa2f1928e7219

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: NetDNA-cache/2.2
status: 200
etag: W/"817cdef4a8ec3dc545361453f69e4209a3c4d809"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315569000, immutable
strict-transport-security: max-age=31536000; preload
x-robots-tag: none
rawgit-cache-status: HIT

GET
H2 200 fig3-sodinokibi-sml
s7d2.scene7.com/is/image/cylance/ 162 KB
163 KB 174ms
156ms Image
image/jpeg 2a02:26f0:6c00:284::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig3-sodinokibi-sml?&wid=1200&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:284::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Unknown /
Resource Hash: 75795949ed66c0f8b5c0ef927cd3aff358f9aac175f6789fb6b15789127731a5

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
last-modified: Wed, 03 Jul 2019 19:36:47 GMT
server: Unknown
etag: "2ceb9d334b44b60a0336119dba077d3a"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 166334
expires: Thu, 23 Jul 2020 05:59:26 GMT

GET
H2 200 fig12-sodinokibi
s7d2.scene7.com/is/image/cylance/ 205 KB
205 KB 216ms
199ms Image
image/jpeg 2a02:26f0:6c00:284::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig12-sodinokibi?&wid=1200&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:284::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Unknown /
Resource Hash: ccea349d73237232bc08a12695a59a5f873dda2b2e404cb9c6f11d9dd5806c3e

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
last-modified: Wed, 03 Jul 2019 19:44:09 GMT
server: Unknown
etag: "e245e6438e9a1811a77271b1883db4a9"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 209570
expires: Thu, 23 Jul 2020 05:59:26 GMT

GET
H2 200 fig18-sodinokibi
s7d2.scene7.com/is/image/cylance/ 10 KB
10 KB 184ms
167ms Image
image/jpeg 2a02:26f0:6c00:284::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig18-sodinokibi?&wid=364&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:284::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Unknown /
Resource Hash: be8cca389c01246f49f19f6ac92da85c6627a35fd93c9939bcfc31639bdcc1a1

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
last-modified: Wed, 03 Jul 2019 19:46:32 GMT
server: Unknown
etag: "895ac0d8b5b287f1b75b22e06f2dec9b"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 10187
expires: Thu, 23 Jul 2020 05:59:26 GMT

GET
H2 200 fig21-sodinokibi-sml
s7d2.scene7.com/is/image/cylance/ 126 KB
126 KB 183ms
166ms Image
image/jpeg 2a02:26f0:6c00:284::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig21-sodinokibi-sml?&wid=1200&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:284::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Unknown /
Resource Hash: f15d14a948d5d97372a945a80c61612fe768a1c1e19de1f9067c4cabff78becd

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
last-modified: Wed, 03 Jul 2019 19:51:52 GMT
server: Unknown
etag: "fe9de96ae992ee67c903371c595ab410"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 128901
expires: Thu, 23 Jul 2020 05:59:26 GMT

GET
H2 200 fig23-sodinokibi
s7d2.scene7.com/is/image/cylance/ 56 KB
57 KB 140ms
124ms Image
image/jpeg 2a02:26f0:6c00:284::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig23-sodinokibi?&wid=1021&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:284::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Unknown /
Resource Hash: 23724b86dbc7b32cc5d06808497eea737be1a796b2216500227d6eff4538a2f5

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
last-modified: Wed, 03 Jul 2019 19:56:20 GMT
server: Unknown
etag: "c62d2c9ae4c056ea8b1ed4c3c36db5a8"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 57823
expires: Thu, 23 Jul 2020 05:59:26 GMT

GET
H2 200 fig24-sodinokibi
s7d2.scene7.com/is/image/cylance/ 345 KB
346 KB 187ms
170ms Image
image/jpeg 2a02:26f0:6c00:284::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig24-sodinokibi?&wid=1090&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:284::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Unknown /
Resource Hash: 3f6a6acd91f9753a79f660d84d20e0417cf70ae34132eca9178a70fcca591fc2

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
last-modified: Wed, 03 Jul 2019 19:59:12 GMT
server: Unknown
etag: "e7e9de180a2bdd7c0b427d76ade86850"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 353347
expires: Thu, 23 Jul 2020 05:59:26 GMT

GET
H/1.1 200
OK author_thumbnail_default.jpg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/placeholder/ 2 KB
3 KB 175ms
174ms Image
image/jpeg 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/placeholder/author_thumbnail_default.jpg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

2d9245daf2dcc8739b68091fc3afea1e48c3add85f07d57e551a2ab7a714853e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 22 Jul 2020 19:59:26 GMT
Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:36 GMT
Server: Apache
ETag: "8d7-5aa9619aae600"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Accept-Ranges: bytes
Content-Length: 2263
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Cylance_BB_Logo_RGB_Horz_Black.png
threatvector.cylance.com/content/dam/cylance-blog/en_us/logos/ 19 KB
19 KB 179ms
178ms Image
image/png 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/content/dam/cylance-blog/en_us/logos/Cylance_BB_Logo_RGB_Horz_Black.png

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

eb2deec7e5394e29e51ff83e920f1ce3c092ae5c63b711a4b755b9861a8bc6cd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
ETag: "4aaf-5aa9617d1e040"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-XSS-Protection: 1; mode=block
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Accept-Ranges: bytes
Content-Length: 19119
Date: Wed, 22 Jul 2020 19:59:26 GMT

GET
H/1.1 200
OK dependencies.390bb07ca92c24f469ae6ec53bbf3e1e.js Show response
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 890 KB
198 KB 192ms
190ms Script
application/javascript 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/dependencies.390bb07ca92c24f469ae6ec53bbf3e1e.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

e05aeb1eebccdbf3f63a449bf15f18d3ca7c2c16d42d9ca698f5cd5a917912de

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "de794-5aa9617d1e040-gzip"
transfer-encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:26 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK main.97c9aac6ee7df8531607278a78c5c231.js Show response
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 236 KB
63 KB 187ms
187ms Script
application/javascript 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.97c9aac6ee7df8531607278a78c5c231.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

1017b2b6551aca43896313770d3c3041d58cee227ce35861c60ef0a10dc38c64

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "3b09d-5aa9617d1e040-gzip"
transfer-encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:26 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H2 200 featherlight.min.js Show response
cdn.rawgit.com/noelboss/featherlight/1.7.9/release/ 9 KB
4 KB 22ms
19ms Script
application/javascript 151.139.237.11
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.rawgit.com/noelboss/featherlight/1.7.9/release/featherlight.min.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.139.237.11 Dallas, United States, ASN33438 (HIGHWINDS2, US),

Reverse DNS

Software

NetDNA-cache/2.2 /

Resource Hash

0e41a843709f19f5327078ad0e4fca7ff8485d280f2458c15b555957a0e646cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: NetDNA-cache/2.2
status: 200
etag: W/"2f5a26ba5509a7f0235bf1f53ed375289bfc91bd"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315569000, immutable
strict-transport-security: max-age=31536000; preload
x-robots-tag: none
rawgit-cache-status: HIT

GET
H/1.1 200
OK token.json Show response
threatvector.cylance.com/libs/granite/csrf/ 2 B
787 B 182ms
182ms XHR
application/json 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/libs/granite/csrf/token.json

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Server: Apache
Date: Wed, 22 Jul 2020 19:59:26 GMT
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Connection: keep-alive
Content-Type: application/json;charset=iso-8859-1
Cache-Control: no-cache
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Vary: User-Agent
Content-Length: 2
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H2 200 NaPecZTIAOhVxoMyOr9n_E7fdMPmDaZRbrw.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPecZTIAOhVxoMyOr9n_E7fdMPmDaZRbrw.woff2

Requested by

Host: app-sj16.marketo.com
URL: https://app-sj16.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd1dad45fd0dd168ad46427307aa8a206b857b783ca3afbcfe2bc8b8724acec0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com

Response headers

date: Fri, 12 Jun 2020 20:29:17 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:24:34 GMT
server: sffe
age: 3454209
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12344
x-xss-protection: 0
expires: Sat, 12 Jun 2021 20:29:17 GMT

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffGjEGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 15ms
5ms Font
font/woff2 2a00:1450:4001:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffGjEGItzY5abuWI.woff2

Requested by

Host: app-sj16.marketo.com
URL: https://app-sj16.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e23b84d6736b1645a695282788cee2070cd3f5cd2c5c2e31ea0b44a942294c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com

Response headers

date: Wed, 10 Jun 2020 22:09:48 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:18:52 GMT
server: sffe
age: 3620978
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12524
x-xss-protection: 0
expires: Thu, 10 Jun 2021 22:09:48 GMT

GET
H/1.1 200
OK mainLogo_rgb_h_white.png
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/branding/ 10 KB
11 KB 185ms
184ms Image
image/png 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/branding/mainLogo_rgb_h_white.png

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

09bc1009eb3d9cbc800e4933a407c81b1920be72f28254baff513ee8f422f5b0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 22 Jul 2020 19:59:26 GMT
Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
ETag: "2808-5aa9617d1e040"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Accept-Ranges: bytes
Content-Length: 10248
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK main_search_close.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 938 B
1 KB 194ms
170ms Image
image/svg+xml 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/main_search_close.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

9913bba300e77cd7898ce5a11558bf789fd15cb686107a10a648109117816be1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "3aa-5aa9619aae600-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 491
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:26 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK main_search_icon.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 1 KB
1 KB 280ms
193ms Image
image/svg+xml 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/main_search_icon.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

26ae4b0eb488fa35fca8b199e05b5b5236192cf04a2fa5a91ba6c5c4d5ffc06d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "594-5aa9619aae600-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 693
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:26 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H2 200 070319-sodinokibi-lrg
s7d2.scene7.com/is/image/cylance/ 74 KB
75 KB 208ms
207ms Image
image/jpeg 2a02:26f0:6c00:284::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/070319-sodinokibi-lrg?&wid=1280&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:284::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Unknown /
Resource Hash: f641976030ca6cfe00221906bb08f0536067a28075027a3186adb9a5af536558

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
last-modified: Wed, 03 Jul 2019 17:06:54 GMT
server: Unknown
etag: "c16d252139c6c620f229b2b17f340a2b"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 76240
expires: Thu, 23 Jul 2020 05:59:26 GMT

GET
H2 200 000-InSecurity-Podcast-LRG
s7d2.scene7.com/is/image/cylance/ 4 KB
4 KB 202ms
201ms Image
image/jpeg 2a02:26f0:6c00:284::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/000-InSecurity-Podcast-LRG?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:284::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Unknown /
Resource Hash: 62d710d9bda1dbd522c180805ec2a66d82c84ec1093813ebf39d22f04b30d871

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
last-modified: Thu, 11 Apr 2019 19:54:05 GMT
server: Unknown
etag: "dd3973310906a18966ce86729e8f6c75"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 4371
expires: Thu, 23 Jul 2020 05:59:26 GMT

GET
H2 200 052220-andromeda-botnet-lrg
s7d2.scene7.com/is/image/cylance/ 4 KB
4 KB 306ms
305ms Image
image/jpeg 2a02:26f0:6c00:284::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/052220-andromeda-botnet-lrg?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:284::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Unknown /
Resource Hash: 10bf2c35a6984e80f9065939e9951bfab7cd8b4773a433b156fecee48db2e0d1

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
last-modified: Fri, 22 May 2020 16:30:30 GMT
server: Unknown
etag: "a1075f99814eab5e7acdfeb535bb6343"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 4068
expires: Thu, 23 Jul 2020 05:59:26 GMT

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffAzHGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffAzHGItzY5abuWI.woff2

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f17a340f0388383e8d2a70632006d51e5d0e95f60f1cca3f774bd78b5d3dcd07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com

Response headers

date: Thu, 11 Jun 2020 16:36:02 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:25:18 GMT
server: sffe
age: 3554604
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12260
x-xss-protection: 0
expires: Fri, 11 Jun 2021 16:36:02 GMT

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzY5abuWI.woff2

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8658dcad983dacbb3bca7bc8217fd0b75f28df85bf9259bd0dccf69e58cb0ecd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com

Response headers

date: Wed, 15 Jul 2020 23:48:07 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:25:27 GMT
server: sffe
age: 591079
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12276
x-xss-protection: 0
expires: Thu, 15 Jul 2021 23:48:07 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
920 B 22ms
21ms Script
application/javascript 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

219b5114b3b7b8fa3311533b95a4bbf86fe3550ce0f4b13e4c2cb2ff5fdc5490

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

GET
H/1.1 200
OK footer_social_icons_facebook.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 179ms
179ms Image
image/svg+xml 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_facebook.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

937fdd2761db8d890407be8c18e64a7f3c19ded89b4d67f5606e30a560bd63c5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "6d1-5aa9617d1e040-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 775
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:26 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_youtube.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 6 KB
3 KB 193ms
189ms Image
image/svg+xml 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_youtube.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

b194fd385666036162259f55563a017e78753671e0fbd3be31a272dc2b869876

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "16d2-5aa9617d1e040-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 2247
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:26 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_twitter.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 192ms
189ms Image
image/svg+xml 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_twitter.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

af6f1a1d1ca5b44168e2d69e4e92daf576df150cc615c9e62adc6eb909a73114

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "7d3-5aa9617d1e040-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 1002
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:26 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_linkedin.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 194ms
193ms Image
image/svg+xml 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_linkedin.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

099bace63963205abb1875d577e797bdac573989ab27a75960eafe3ccd5fa27a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "714-5aa9617d1e040-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 803
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:26 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_rss.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 192ms
192ms Image
image/svg+xml 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_rss.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

8235e55fa7f1c889f552c3d7415b6bfff016a82035dc5c77da7a1789a3de95e3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "719-5aa9617d1e040-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 827
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:05 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:26 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 366 B
1 KB 157ms
39ms XHR
application/json 34.240.64.134
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=4.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=2297E09A576BB9677F000101%40AdobeOrg&d_nsid=0&ts=1595447966583

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.240.64.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

5faa324b2664693ce8c2115e3e440a9e736ef0549dee4cd6893cfc717375eb15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v075-0b4097ae4.edge-irl1.demdex.com 5.74.0.20200706134429 3ms (+0ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: F+BccuAISM4=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://threatvector.cylance.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 304
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP4c3fcccffd524251ae198bf677f3b6e9/ 34 KB
13 KB 8ms
8ms Script
application/x-javascript 2a02:26f0:6c00:28e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP4c3fcccffd524251ae198bf677f3b6e9/AppMeasurement.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28e::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: Apache /
Resource Hash: 7848472b4e994bcd2cb522201f6c123b50c4b37e5aab979ac50db3244eb894d5

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
content-encoding: gzip
last-modified: Mon, 15 Apr 2019 20:43:53 GMT
server: Apache
etag: "f005ac758d3bc63fa30fe4a4bd80448d:1555361033"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12786
expires: Wed, 22 Jul 2020 20:59:26 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 5144
date: Wed, 22 Jul 2020 18:33:42 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Wed, 22 Jul 2020 20:33:42 GMT

GET
H2 200 RC03553916c50b4787a671e14ccf605715-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 695 B
652 B 41ms
41ms Script
application/x-javascript 2a02:26f0:6c00:28e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC03553916c50b4787a671e14ccf605715-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28e::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 1a7103ddeebf3a313febafe1aba08a1cec143c98a7b6e51cacbf8893093efaa2

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: AkamaiNetStorage
etag: "d9f372492adb73ae3b7bff0cf0a90587:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 412
expires: Wed, 22 Jul 2020 20:59:26 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 26 KB
8 KB 52ms
50ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 20:00:00 GMT
x-msedge-ref: Ref A: DD93124AA4564790810071FA0C18FE18 Ref B: FRAEDGE1316 Ref C: 2020-07-22T19:59:26Z
status: 200
etag: "0e0bdafab5bd61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8022

GET
H2 200 RCcd4cfcbe6a2644318ee9f8727d5e7eb8-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 1 KB
782 B 41ms
39ms Script
application/x-javascript 2a02:26f0:6c00:28e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCcd4cfcbe6a2644318ee9f8727d5e7eb8-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28e::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 93a431303f6163e1a1b17d0fe9ac4edb2b042333aec637187fa92f9ed1050ae8

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: AkamaiNetStorage
etag: "eababff33cad8c9e414fb875be462778:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 541
expires: Wed, 22 Jul 2020 20:59:26 GMT

GET
H2 200 RCf28b419b6ee84d7a88134d7176e20bb3-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 1 KB
906 B 41ms
39ms Script
application/x-javascript 2a02:26f0:6c00:28e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCf28b419b6ee84d7a88134d7176e20bb3-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28e::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: fe884e48d8d2602152678463aa5ac92bb7bd73b357851406aebcc046ab1d8b9f

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: AkamaiNetStorage
etag: "6d94ea62691631fbad7ebecdcc6e04c3:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 666
expires: Wed, 22 Jul 2020 20:59:26 GMT

GET
H2 200 RCe330e30c9b774f238563c2f0317b145b-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 654 B
631 B 42ms
40ms Script
application/x-javascript 2a02:26f0:6c00:28e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCe330e30c9b774f238563c2f0317b145b-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28e::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: f419df72131b2e7ec36c56950099c5c8f88e3e8ba7de2438b0484d0786e56200

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: AkamaiNetStorage
etag: "cba2baa21d2761515a7b772732db4812:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 391
expires: Wed, 22 Jul 2020 20:59:26 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 87 KB
34 KB 92ms
20ms Script
application/x-javascript 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js?account=cylance.com
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BA7) /
Resource Hash: 88f3613cc7a3e8c61b186ee57a7756866d403c26ff2daa58f4c7583a7523f0c2

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
content-encoding: gzip
last-modified: Mon, 13 Jul 2020 21:26:38 GMT
server: ECS (amb/6BA7)
age: 422444
etag: "6185eb4a5c59d61:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
accept-ranges: bytes
content-length: 34196

GET
H/1.1 200
OK share_bar_icon_linkedin.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 177ms
175ms Image
image/svg+xml 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_linkedin.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

c6e538e6a9213d8d6cb6a1f3b7c03e5a06d68ff25ec57e6eb5b4868289464de0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "809-5aa9619aae600-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 876
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:26 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_twitter.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 177ms
176ms Image
image/svg+xml 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_twitter.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

7b86ac9779af83777789a7fc81940793f77b5bd3ff3d36ac8e925fccf656247a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "8c8-5aa9619aae600-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 1062
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:26 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_google.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 189ms
187ms Image
image/svg+xml 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_google.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

66de82969f617c85184ad351d55501233e538e7f54caa684368c8a155053874d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "829-5aa9619aae600-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 867
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:26 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_facebook.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 188ms
186ms Image
image/svg+xml 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_facebook.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

fe08d074a32f7c481cc425d22cdd787137feea90578e0b10556cebeefcfa3040

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "771-5aa9619ba2840-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 796
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:37 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:26 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_email.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 1 KB
1 KB 188ms
186ms Image
image/svg+xml 35.163.241.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_email.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.163.241.233 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

87f55f0eb8ca3828f1f3c43da32e71933463b639ff59c86fab549600912ac687

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "49c-5aa9619aae600-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 682
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 16 Jul 2020 21:55:36 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Wed, 22 Jul 2020 19:59:26 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H2 200 RC45a65cb4bab44e65966fc1bfe9d6d8ed-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 460 B
494 B 42ms
4ms Script
application/x-javascript 2a02:26f0:6c00:28e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC45a65cb4bab44e65966fc1bfe9d6d8ed-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28e::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 44df095afbcc3700bb27f3c430bce008b8074188be803787ce11b9b850ed6675

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: AkamaiNetStorage
etag: "eb0abeded1d23a64ed81155c95cbb867:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 254
expires: Wed, 22 Jul 2020 20:59:26 GMT

GET
H2 200 RC795343619189407bb257bf77f37e4f32-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 458 B
491 B 44ms
5ms Script
application/x-javascript 2a02:26f0:6c00:28e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC795343619189407bb257bf77f37e4f32-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28e::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b10bfe284fcea12155ae8def55a8ec14b8a804e198e06d985e6e8a1681851c63

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: AkamaiNetStorage
etag: "6c8d0a2b5eadfc79c1cea9bda4c63d3f:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 252
expires: Wed, 22 Jul 2020 20:59:26 GMT

GET
H2 200 RCa7a45d271f51412293463f49427635d0-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 472 B
506 B 32ms
11ms Script
application/x-javascript 2a02:26f0:6c00:28e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCa7a45d271f51412293463f49427635d0-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28e::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: ae0d8091f974c66bea6d9f9aeba9feb785eb4e5a4e779060ec5f31b525f61f0f

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: AkamaiNetStorage
etag: "1cd1f676e57143bd85e5f21bdd4785bb:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 265
expires: Wed, 22 Jul 2020 20:59:26 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflstrBN7/ 87 KB
31 KB 32ms
12ms Script
text/javascript 2a00:1450:4001:814::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflstrBN7/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb31ea8632a96b3f36c3ebc93a7270dd6a690d378cb11843c810553eaf120be2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 20 Jul 2020 06:27:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 221529
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32056
x-xss-protection: 0
last-modified: Mon, 20 Jul 2020 04:05:28 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Tue, 28 Jul 2020 06:27:17 GMT

GET
H/1.1 200
OK Cookie set dest5.html
cylance.demdex.net/ Frame 85DA 0
0 299ms
85ms Document
text/html 3.248.37.251
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cylance.demdex.net/dest5.html?d_nsid=0

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.248.37.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: cylance.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=87173286149486182461616607691404894725
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Tue, 07 Jul 2020 08:54:39 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=87173286149486182461616607691404894725;Path=/;Domain=.demdex.net;Expires=Mon, 18-Jan-2021 19:59:27 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: +BA+aXDvTPs=
Content-Length: 2785
Connection: keep-alive

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=XxiangAABBRsChTJ
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=87173286149486182461616607691404894725
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XxiangAABBRsChTJ

42 B
915 B

85ms
71ms

Image
image/gif

34.240.64.134
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=XxiangAABBRsChTJ

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.240.64.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v075-018aef418.edge-irl1.demdex.com 5.74.0.20200706134429 0ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: oiI/vG/AQkU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Wed, 22 Jul 2020 19:59:26 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XxiangAABBRsChTJ
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=1315268701&t=pageview&_s=1&dl=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&ul=en-us&de...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-33464378-1&cid=1473632810.1595447967&jid=1083468922&_gid=927872649.1595447967&gjid=1950144757&_v=j83&z=2055374406
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1473632810.1595447967&jid=1083468922&_v=j83&z=2055374406
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1473632810.1595447967&jid=1083468922&_v=j83&z=2055374406&slf_rd=1&random=420003200

42 B
106 B

17ms
17ms

Image
image/gif

2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1473632810.1595447967&jid=1083468922&_v=j83&z=2055374406&slf_rd=1&random=420003200

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:27 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1473632810.1595447967&jid=1083468922&_v=j83&z=2055374406&slf_rd=1&random=420003200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 83ms
7ms Script
application/x-javascript 2a02:26f0:6c00:296::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:296::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 22 Jul 2020 19:59:26 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=64750
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 31 KB
11 KB 92ms
86ms Script
text/javascript 172.217.16.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

97651707b0ce18ff3ef4c0ac9dba90b63615fbfd6bc5b650da180f77099305f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11647
x-xss-protection: 0
server: cafe
etag: 1408120887153915613
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 22 Jul 2020 19:59:26 GMT

GET
H2 200 6e7b478b.min.js Show response
tag.demandbase.com/ 57 KB
15 KB 523ms
400ms Script
application/javascript 143.204.202.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/6e7b478b.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.202.73 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5a71f0a1b063404b62d2e3cc3c9b18469bb0d879608b78cb08680855109b8603

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:28 GMT
content-encoding: gzip
last-modified: Sat, 11 Jul 2020 16:52:31 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
x-amz-version-id: it8JOeVkcZV2UWzAr2sH8WHVKGEpZDlH
status: 200
cache-control: public, max-age=3600
content-type: application/javascript; charset=utf-8
x-amz-cf-id: aW_pM6CxJtFDfOHTtb1Pu_DO3NlLMYrFzvqJZcWo7VzspPInweh26g==
via: 1.1 6080b2713e502211e152f21f5c59c5a7.cloudfront.net (CloudFront)

GET
H2 204 0
bat.bing.com/action/ 0
93 B 85ms
85ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5637515&tm=al001&Ver=2&mid=e7da6ba1-1812-db72-a373-1d88158465ff&sid=ee3e8ba2d31a3ab2a1eeb56b9496bc4d&vid=7bc12dba110c87c56650d20eb7a9ca00&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&kw=Threat%20Spotlight,%20BlackBerry,%20Cylance,%20Sodinokibi,%20Ransomware&p=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&r=&lt=2335&pt=1595447964403,,,,,0,1,77,77,597,92,597,928,930,931,2308,2308,2335,,,&pn=0,0&evt=pageLoad&msclkid=N&sv=1&rn=559012
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Wed, 22 Jul 2020 19:59:26 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 298B73BD6E1B4AD9BB0AF1B063E66D07 Ref B: FRAEDGE1316 Ref C: 2020-07-22T19:59:26Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RC65049b1ee2da4bed9ece12f15b7d466f-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 835 B
594 B 6ms
6ms Script
application/x-javascript 2a02:26f0:6c00:28e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC65049b1ee2da4bed9ece12f15b7d466f-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28e::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c0aed91f1b10ec94f40fdf79c31d1f870fb4bf3eda63b61edb3bbaeff53a93e0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: AkamaiNetStorage
etag: "3802beb763414589551c998a499408b3:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 353
expires: Wed, 22 Jul 2020 20:59:26 GMT

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
327 B 81ms
66ms Image
image/gif 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=7a1e0bc99aa0435d934e2777f2f17ea8&_biz_s=2d12a0&_biz_l=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&_biz_t=1595447967065&_biz_i=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&_biz_n=0&a=cylance.com&rnd=888986&cdn_o=a&_biz_z=1595447967070
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B75) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:27 GMT
last-modified: Fri, 17 Jul 2020 01:55:11 GMT
server: ECS (amb/6B75)
age: 497056
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 s69231071833915
cylance.sc.omtrdc.net/b/ss/cylan-production/1/JS-2.12.0-L9TT/ 43 B
396 B 188ms
61ms Image
image/gif 15.236.175.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cylance.sc.omtrdc.net/b/ss/cylan-production/1/JS-2.12.0-L9TT/s69231071833915?AQB=1&ndh=1&pf=1&t=22%2F6%2F2020%2021%3A59%3A27%203%20-120&mid=86721019080685262901642699698360765137&aamlh=6&ce=UTF-8&pageName=home%3Athreat-spotlight-sodinokibi-ransomware&g=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&cc=USD&ch=home&server=threatvector.cylance.com&events=event17&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=D%3Dv1&v1=threatvector.cylance.com&h1=home%7Cthreat-spotlight-sodinokibi-ransomware&c2=2020-07-16%2022%3A14%3A00&v3=thursday&c4=12%3A59%20PM%7CWednesday&v4=12%3A59%20PM%7CWednesday&v6=home%3Athreat-spotlight-sodinokibi-ransomware&v7=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&c8=D%3Dv8&v8=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&c9=D%3Dv9&v9=en_us&c10=D%3Dv10&c11=New&v11=First%20Visit&v12=New&c16=1&c17=21&v17=21&v35=The%20Cylance%20Threat%20Research%20Team&v36=research-and-intelligence&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=2297E09A576BB9677F000101%40AdobeOrg&AQE=1

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.175.233 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
x-content-type-options: nosniff
x-c: master-1315.Ia06625.M0-426
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Thu, 23 Jul 2020 19:59:27 GMT
server: jag
xserver: anedge-7447d85976-njgjj
etag: 3426198420452638720-4614507420294124191
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Tue, 21 Jul 2020 19:59:27 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&time=1595447967173
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D37262%26url%3Dhttps%253A%252F%252Fthreatvector.cylance.com%252Fen_us%252Fhome%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&time=1595447967173&liSync=true

0
58 B

171ms
170ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&time=1595447967173&liSync=true
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:27 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: kODfOHkrJBbg/UWIjCsAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: v1yKMnkrJBaAdzifoisAAA==
pragma: no-cache
x-li-pop: afd-prod-lor1
x-msedge-ref: Ref A: B0721A585D3E491394E3BA57202B4BF8 Ref B: FRAEDGE1308 Ref C: 2020-07-22T19:59:27Z
x-frame-options: sameorigin
date: Wed, 22 Jul 2020 19:59:27 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&time=1595447967173&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/ 2 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/?random=1595447967178&cv=9&fst=1595447967178&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&tiba=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

333269debd9ab7f69f25e30f896d2cfdb9490db7ebdba5a4da9595431e22678a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1033
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 BizibleAcct.js Show response
cdn.bizible.com/ 378 B
519 B 127ms
126ms Script
text/javascript 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/BizibleAcct.js?_biz_u=7a1e0bc99aa0435d934e2777f2f17ea8&_biz_h=-1906410348&cdn_o=a&jsVer=4.20.06.05&a=cylance.com
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=cylance.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BA3) /
Resource Hash: 58fea9a526019acbd608efcdf6fbe9896e4a1bbb10e01c6d44c5fbb0e0b730d3

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:26 GMT
content-encoding: gzip
server: ECS (amb/6BA3)
etag: D8B6F60B
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: private, must-revalidate, max-age=21600
content-type: text/javascript; charset=utf-8
content-length: 325

GET
H2 200 u
cdn.bizible.com/m/ 43 B
121 B 20ms
19ms Image
image/gif 68.232.35.12
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/u?mapType=ecid&mapValue=2297E09A576BB9677F000101%40AdobeOrg_86721019080685262901642699698360765137&_biz_u=7a1e0bc99aa0435d934e2777f2f17ea8&_biz_s=2d12a0&_biz_l=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&_biz_t=1595447967075&_biz_i=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&_biz_n=1&a=cylance.com&rnd=259452&cdn_o=a&_biz_z=1595447967186
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.12 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BBE) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:27 GMT
last-modified: Fri, 17 Jul 2020 00:50:57 GMT
server: ECS (amb/6BBE)
age: 500910
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 /
www.google.com/pagead/1p-user-list/858415995/ 42 B
151 B 60ms
59ms Image
image/gif 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/858415995/?random=1595447967178&cv=9&fst=1595444400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&tiba=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&async=1&fmt=3&is_vtc=1&random=226366778&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/858415995/ 42 B
107 B 61ms
60ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/858415995/?random=1595447967178&cv=9&fst=1595444400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&tiba=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&async=1&fmt=3&is_vtc=1&random=226366778&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 435 B
943 B 147ms
100ms XHR
application/json 143.204.202.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&page_title=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&key=7535516323dadf7e3d35f603eaad6491&src=tag
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.202.63 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: d4ea3e72d13f7392cf63396cfad6069a9c80d1b43f2de63b763cfec67d77540c

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:27 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
status: 200
request-id: f90b0b65-18d4-4f9d-b400-4986c2f4c25d
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://threatvector.cylance.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 e7377cc861b31102786678df3616bf69.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DhRxcIa7a6O6GINk2KkDFNpAWnGOD1OlKLNeRDbVM_pwJJgKlVUkig==
expires: Tue, 21 Jul 2020 19:59:27 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AAFLRk6-MTUAABIo6VN3QQ
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAFLRk6-MTUAABIo6VN3QQ&verifyHash=e72b2d0ffae325ed85330d14782b14fb2b8a4655

26 B
409 B

208ms
207ms

Image
image/gif

143.204.202.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAFLRk6-MTUAABIo6VN3QQ&verifyHash=e72b2d0ffae325ed85330d14782b14fb2b8a4655
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.202.106 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 22 Jul 2020 19:59:28 GMT
Via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf567.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 260f70c15bed9679
X-Amz-Cf-Id: tJtIWSUAY35lEggePKNUdmeXcyHPzBdhE2u1PI6-KYrBEPYRHWZWMg==

Redirect headers

Date: Wed, 22 Jul 2020 19:59:27 GMT
Via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf567.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AAFLRk6-MTUAABIo6VN3QQ&verifyHash=e72b2d0ffae325ed85330d14782b14fb2b8a4655
Connection: keep-alive
trace-id: 1aedff6aa7a73f33
Content-Length: 0
X-Amz-Cf-Id: XYBJlfA0Dex5uXgxAO-HX7vIyUfHdDG0e5JugNwKf7fPceQwKdqz7g==

GET
H2 200 RC6d15653dcdbd4cccb51d7164ce31913c-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 1 KB
907 B 21ms
20ms Script
application/x-javascript 2a02:26f0:6c00:28e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC6d15653dcdbd4cccb51d7164ce31913c-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28e::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8f9713075b7edd29146b9f8472de0a9dea8c7f3dc2f41ff172f3e558536227c7

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:28 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:23 GMT
server: AkamaiNetStorage
etag: "030fd508521493a75099bd78f60225e1:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 667
expires: Wed, 22 Jul 2020 20:59:28 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 30 KB
11 KB 34ms
34ms Script
text/javascript 172.217.16.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN9a198e584a4641e5a638d027ddddb3cf.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d00b100bca6ddea7af0ef559e6051eeaa3f59c732b586ac2495324cdd70dfc2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11554
x-xss-protection: 0
server: cafe
etag: 15723108647877884466
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 22 Jul 2020 19:59:28 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 37 KB
12 KB 77ms
26ms Script
text/javascript 2.18.233.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b3a8953963fa7b23c98539cffff0383bbc690b1c5cb2d7606d7587e8d97576f1

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: L9BzhVVCTaGjJD_idC_FHyNmm47X.qOI
Content-Encoding: gzip
ETag: "a28078ca8d6ce64f89e404c0280e6026"
x-amz-request-id: F1584D11D3DF2076
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 11740
x-amz-id-2: R0qckMLsDtNZd3bPM5+PzN8LosP0qI9fkV3euHCPLby62maptTO7Uwlmc/LWpLx9CyYHGhKMgmU=
Last-Modified: Mon, 13 Jul 2020 19:18:58 GMT
Server: AmazonS3
Date: Wed, 22 Jul 2020 19:59:28 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/ 2 KB
1 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:814::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/?random=1595447968326&cv=9&fst=1595447968326&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&tiba=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a286db047138c16adaa1b5a5817d5cdfce555086cc376b3abd31086c1d5c07d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1030
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/858415995/ 42 B
111 B 20ms
19ms Image
image/gif 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/858415995/?random=1595447968326&cv=9&fst=1595444400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&tiba=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&fmt=3&is_vtc=1&random=2307051819&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/858415995/ 42 B
107 B 20ms
20ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/858415995/?random=1595447968326&cv=9&fst=1595444400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&tiba=Threat%20Spotlight%3A%20Sodinokibi%20Ransomware&fmt=3&is_vtc=1&random=2307051819&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/OU3SUNRJWBHPTCY5X23OHE/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

26ms
25ms

Script
application/javascript

2.18.233.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: Gq_Uupzq2k3J8S1dXTwhnfNaf5QBJsmG
Content-Encoding: gzip
ETag: "5816cced8568d223aa09d889f300692b"
x-amz-request-id: 6DA3B858CA52CB17
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 48
x-amz-id-2: gfnzsO59CeuagxbgAisMWu9DREymVv4uXQD2nPQ9v20aEuLIg0QYUa4pESlmN5cUaaU43y8MWDE=
Last-Modified: Mon, 22 Jun 2020 19:39:19 GMT
Server: AmazonS3
Date: Wed, 22 Jul 2020 19:59:28 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Wed, 22 Jul 2020 19:59:28 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/ 0
773 B 76ms
27ms Script
text/javascript 2.18.233.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/index.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: ivuheefJiec5s_hTZCEdcS50rootzHNS
Content-Encoding: gzip
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id: 6877C953F554941B
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
x-amz-id-2: MJF3Q0lAffs3Yl+EAilU4ehOi/MKieHzD12+4npiCEdb+qChXYQ4pwAUgIyUFFBXXzlX21/4HCc=
Last-Modified: Wed, 22 Jul 2020 08:10:04 GMT
Server: AmazonS3
Date: Wed, 22 Jul 2020 19:59:28 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/OU3SUNRJWBHPTCY5X23OHE/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/OU3SUNRJWBHPTCY5X23OHE?_s=2a56535616a6e6247343721422518788&_b=2
https://d.adroll.com/consent/check/OU3SUNRJWBHPTCY5X23OHE/?_s=2a56535616a6e6247343721422518788&_b=2

394 B
863 B

38ms
37ms

Script
application/javascript

63.32.63.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/OU3SUNRJWBHPTCY5X23OHE/?_s=2a56535616a6e6247343721422518788&_b=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.63.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 376ee60ea7aaa472dfd22fbc48760e67b7c24e9043423c2cad9ee1aecf844538

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:28 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: application/javascript
content-length: 394

Redirect headers

status: 302
date: Wed, 22 Jul 2020 19:59:28 GMT
server: nginx/1.16.1
content-length: 105
location: https://d.adroll.com/consent/check/OU3SUNRJWBHPTCY5X23OHE/?_s=2a56535616a6e6247343721422518788&_b=2

GET
H/1.1

200
OK

BMNOXKZHPFHPDK7ZYEXFSC.js Show response
s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/
Redirect Chain

https://d.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthr...
https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/BMNOXKZHPFHPDK7ZYEXFSC.js

10 KB
4 KB

37ms
37ms

Script
text/javascript

2.18.233.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/BMNOXKZHPFHPDK7ZYEXFSC.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: accd74a3a9dad47cee6546a7d4366c7b220635da19efd043ef7d33333d000643

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: ku5Ga50ptbdeGsa2.IsOmKSHx8oJBvQu
Content-Encoding: gzip
ETag: "9ad3b5a64eaa364a6789794dc2410a64"
x-amz-request-id: AFFF4F1AEED9E939
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 3020
x-amz-id-2: KfeGB+A/o41D9nCKNx2JcAefwmt7DAq6sGFgKlsvnpEMJIS005aRTpObwci83waDrEi+tVineX0=
Last-Modified: Tue, 21 Jul 2020 06:48:19 GMT
Server: AmazonS3
Date: Wed, 22 Jul 2020 19:59:28 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

date: Wed, 22 Jul 2020 19:59:28 GMT
x-segment-display-name: Blog
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 302
content-length: 0
pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.16.1
x-rule: *threatvector.cylance.com*
x-segment-eid: BMNOXKZHPFHPDK7ZYEXFSC
location: https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/BMNOXKZHPFHPDK7ZYEXFSC.js
cache-control: no-store, no-cache, must-revalidate
x-pixel-eid: JFQUMKJ3NRFIFLRA5FOQKB
x-segment-name: a102ead2
x-advertisable-eid: OU3SUNRJWBHPTCY5X23OHE
x-conversion-currency

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 134 KB
34 KB 18ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: s.adroll.com
URL: https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/BMNOXKZHPFHPDK7ZYEXFSC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f630c6ea4e44c35a93c0ee2950e68857311d9500d6025abe4a5db3ecaf270e3c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34220
x-xss-protection: 0
pragma: public
x-fb-debug: DOqvcGeETy6gyfJ3dTqn7NQGRLjJv5aTnLnNLH5epQVkrq0AiF+AXgRd9wpSWVa1zauaf15GD/dyuWSbaKoXWg==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Wed, 22 Jul 2020 19:59:28 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 9 KB
3 KB 26ms
25ms Script
text/javascript 2.18.233.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: NM.EHVfGEDu2TYFqb1osrv1zRII373EC
Content-Encoding: gzip
ETag: "15441b08d0c4f93b1dd5f533cd361cd8"
x-amz-request-id: 75B93B99450D9821
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2039
x-amz-id-2: LLXPK6WOd/JkL78v3IWpxVYE6WLY0eyso2S9SGWA5fuDVP/IFReKscAk0ef5FiAsTnpUaCbbaQA=
Last-Modified: Mon, 03 Feb 2020 20:32:06 GMT
Server: AmazonS3
Date: Wed, 22 Jul 2020 19:59:28 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 user_attrs Show response
d.adroll.com/ 60 B
523 B 158ms
157ms Script
text/javascript 63.32.63.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/user_attrs?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xid_ch=f&advertisable_eid=OU3SUNRJWBHPTCY5X23OHE&keys_eid=4UON5JNDZJC7JIYU4Q8ATK&first_party=false&jsonp=__adroll._b2bPersonalizationDataCb
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.63.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 3af7ed1fbe4a5464890f5f4d40b52a6a0647b4b21dfb2cd491d1fa8e7f941ffa

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:28 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: text/javascript
content-length: 60

GET
H2 200 /
px.ads.linkedin.com/collect/ 43 B
167 B 189ms
185ms Image
image/gif 2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect/?pid=2133314&fmt=gif
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:28 GMT
content-encoding: gzip
server: Play
linkedin-action: 1
vary: Accept-Encoding
content-type: image/gif
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-length: 65
x-li-uuid: LwEFd3krJBZw+06IjCsAAA==
x-li-fabric: prod-lor1

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/aol/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&...
https://pixel.advertising.com/ups/55980/sync?uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://pixel.advertising.com/ups/55980/sync?uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
https://ups.analytics.yahoo.com/ups/55980/sync?uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPd9dee043-cc55-11ea-86c5-02...
https://ups.analytics.yahoo.com/ups/55980/sync?uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPd9dee043-cc55-11ea-86c5-02...

0
977 B

27ms
27ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55980/sync?uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPd9dee043-cc55-11ea-86c5-020ec7d3b836&verify=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS/7.1.2.113 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 22 Jul 2020 19:59:28 GMT
Server: ATS/7.1.2.113
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

Date: Wed, 22 Jul 2020 19:59:28 GMT
Server: ATS/7.1.2.113
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://ups.analytics.yahoo.com/ups/55980/sync?uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPd9dee043-cc55-11ea-86c5-020ec7d3b836&verify=true
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.htm...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&expiration=1626983968
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&expiration=1626983968&C=1

43 B
1003 B

96ms
71ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&expiration=1626983968&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Jul 2020 19:59:28 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 22 Jul 2020 19:59:28 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 22 Jul 2020 19:59:28 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&expiration=1626983968&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 333
Expires: Wed, 22 Jul 2020 19:59:28 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xi...
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&expires=365

0
239 B

126ms
36ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&expires=365
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:28 GMT
server: nginx/1.16.1
status: 302
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&expires=365
cache-control: no-store, no-cache, must-revalidate
content-length: 124

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware....
https://sync.outbrain.com/cookie-sync?p=adroll&uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA
https://sync.outbrain.com/cookie-sync?p=adroll&uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&rdrctExp=true

0
476 B

96ms
95ms

Image
text/plain

64.202.112.127
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=adroll&uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&rdrctExp=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.127 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 22 Jul 2020 19:59:29 GMT
Cache-Control: no-cache
X-TraceId: aa071acb5f963fc3323a1134f86d0cb
Content-Length: 0

Redirect headers

Location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&rdrctExp=true
Date: Wed, 22 Jul 2020 19:59:29 GMT
X-TraceId: b5e59d346493a07d3bde6c42372eef29
Content-Length: 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware....
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...

1 B
1010 B

113ms
26ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 22 Jul 2020 19:59:28 GMT
X-lat: Pug23028:0:488
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:28 GMT
server: nginx/1.16.1
status: 302
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
cache-control: no-store, no-cache, must-revalidate
content-length: 220

GET
H2

502

v1
ads.yahoo.com/cms/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xi...
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

0
0

7450ms
7416ms

Image
text/html

2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:28 GMT
server: nginx/1.16.1
status: 302
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
cache-control: no-store, no-cache, must-revalidate
content-length: 165

GET
H2

204

rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.h...
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA

0
216 B

73ms
19ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 204
tbl-x-upstream: 10.40.20.9:10213
date: Wed, 22 Jul 2020 19:59:28 GMT
server: nginx
x-fastly-to-nlb-rtt: 3925

Redirect headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:28 GMT
server: nginx/1.16.1
status: 302
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA
cache-control: no-store, no-cache, must-revalidate
content-length: 111

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomwar...
https://eb2.3lift.com/xuid?mid=4714&xuid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

37 B
352 B

25ms
25ms

Image
image/gif

52.29.22.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.22.19 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Wed, 22 Jul 2020 19:59:29 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

status: 302
date: Wed, 22 Jul 2020 19:59:29 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: /xuid?ld=1&mid=4714&xuid=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xi...
https://x.bidswitch.net/sync?dsp_id=44&user_id=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA

43 B
412 B

25ms
25ms

Image
image/gif

18.196.197.177
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.197.177 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Wed, 22 Jul 2020 19:59:29 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

status: 302
date: Wed, 22 Jul 2020 19:59:29 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xi...
https://ib.adnxs.com/setuid?entity=172&code=NGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DNGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA

43 B
1 KB

19ms
19ms

Image
image/gif

185.33.221.15
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DNGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.15 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 22 Jul 2020 19:59:31 GMT
X-Proxy-Origin: 82.102.19.136; 82.102.19.136; 720.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.42:80
AN-X-Request-Uuid: b6d3d004-8c21-4359-bde8-61844e0cca5a
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 22 Jul 2020 19:59:31 GMT
X-Proxy-Origin: 82.102.19.136; 82.102.19.136; 720.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.75:80
AN-X-Request-Uuid: d808cc26-00c0-4752-b715-6c5cbf72406d
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DNGIxZmUwNDNhNmI2ODRiNDNkYzg0OWY2ZDNjNmE1MTA
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

451

377928.gif
idsync.rlcdn.com/
Redirect Chain

https://d.adroll.com/cm/l/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xi...
https://idsync.rlcdn.com/377928.gif?partner_uid=4b1fe043a6b684b43dc849f6d3c6a510

0
42 B

168ms
165ms

Image
text/plain

35.244.245.222
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/377928.gif?partner_uid=4b1fe043a6b684b43dc849f6d3c6a510
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.245.222 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 451
date: Wed, 22 Jul 2020 19:59:29 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

Redirect headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:28 GMT
server: nginx/1.16.1
status: 302
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://idsync.rlcdn.com/377928.gif?partner_uid=4b1fe043a6b684b43dc849f6d3c6a510
cache-control: no-store, no-cache, must-revalidate
content-length: 86

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xi...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=4b1fe043a6b684b43dc849f6d3c6a510
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=4b1fe043a6b684b43dc849f6d3c6a510

43 B
180 B

28ms
27ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=4b1fe043a6b684b43dc849f6d3c6a510
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.190.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:29 GMT
via: 1.1 google
server: OXGW/16.190.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Wed, 22 Jul 2020 19:59:29 GMT
via: 1.1 google
server: OXGW/16.190.0
status: 302
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=4b1fe043a6b684b43dc849f6d3c6a510
alt-svc: clear
content-length: 0

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=612fe41decdd29bab0b8cd4ffae94b44-1595447968578&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&xi...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=Sx_gQ6a2hLQ9yEn208alEA
https://d.adroll.com/cm/g/in

42 B
538 B

37ms
36ms

Image
image/gif

63.32.63.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.63.32 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:29 GMT
server: nginx/1.16.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status: 200
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Wed, 22 Jul 2020 19:59:29 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1792927231029740 Show response
connect.facebook.net/signals/config/ 522 KB
132 KB 72ms
69ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1792927231029740?v=2.9.22&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

86c2c6e126f00e7d3f6563f926e895f606de229acf99391f0bb8e8175e8dde52

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: gE59cyeF1jB8ttwa+UjiJfof4EnCyyry39TLKP9gtx2g4wj80jvHghrzgAutH4D9PVNGq2rWrRWioQ7MMyVOgA==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Wed, 22 Jul 2020 19:59:28 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
378 B 40ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1792927231029740&ev=PageView&dl=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Fthreat-spotlight-sodinokibi-ransomware.html&rl=&if=false&ts=1595447968829&cd[segment_eid]=BMNOXKZHPFHPDK7ZYEXFSC&sw=1600&sh=1200&v=2.9.22&r=stable&ec=0&o=29&fbp=fb.1.1595447968828.1498529642&it=1595447968698&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 19:59:28 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 22 Jul 2020 19:59:28 GMT

Verdicts & Comments Add Verdict or Comment

184 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.cylance.com/	1969-12-31 23:59:59	Name: s_ppv Value: home%253Athreat-spotlight-sodinokibi-ransomware%2C3%2C3%2C1200
			.cylance.com/	1969-12-31 23:59:59	Name: s_tp Value: 38414

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html(Line 247) Message: cookie not is active
console-api	log	(Line 2) Message: add----roll1
console-api	log	(Line 2) Message: add----roll2
console-api	log	(Line 2) Message: add----roll2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self'; font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.yahoo.com
api.company-target.com
app-sj16.marketo.com
assets.adobedtm.com
bat.bing.com
cdn.bizible.com
cdn.rawgit.com
cm.everesttech.net
cm.g.doubleclick.net
connect.facebook.net
cylance.demdex.net
cylance.sc.omtrdc.net
d.adroll.com
d.adroll.mgr.consensu.org
dpm.demdex.net
dsum-sec.casalemedia.com
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
match.prod.bidr.io
pixel.advertising.com
pixel.rubiconproject.com
px.ads.linkedin.com
s.adroll.com
s.ytimg.com
s7d2.scene7.com
segments.company-target.com
simage2.pubmatic.com
snap.licdn.com
stats.g.doubleclick.net
sync.outbrain.com
sync.taboola.com
tag.demandbase.com
threatvector.cylance.com
ups.analytics.yahoo.com
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.linkedin.com
www.youtube.com
x.bidswitch.net
104.16.93.80
141.226.228.48
143.204.202.106
143.204.202.63
143.204.202.73
15.236.175.233
151.139.237.11
172.217.16.162
18.196.197.177
185.33.221.15
185.64.190.80
2.18.233.40
2.18.234.21
2620:1ec:21::14
2620:1ec:c11::200
2a00:1288:f03d:1fa::4000
2a00:1450:4001:801::2003
2a00:1450:4001:808::200e
2a00:1450:4001:814::2002
2a00:1450:4001:814::200e
2a00:1450:4001:81d::2004
2a00:1450:4001:81d::200e
2a00:1450:4001:81f::200a
2a00:1450:4001:824::2003
2a00:1450:400c:c00::9a
2a02:26f0:6c00:284::9b6
2a02:26f0:6c00:28e::1e80
2a02:26f0:6c00:296::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:11:101::b93f:9005
3.126.56.137
3.248.37.251
34.240.64.134
34.98.64.218
35.163.241.233
35.244.245.222
52.212.22.61
52.29.22.19
52.59.138.183
63.32.63.32
64.202.112.127
66.117.28.86
68.232.35.12
69.173.144.138
099bace63963205abb1875d577e797bdac573989ab27a75960eafe3ccd5fa27a
09bc1009eb3d9cbc800e4933a407c81b1920be72f28254baff513ee8f422f5b0
0e23b84d6736b1645a695282788cee2070cd3f5cd2c5c2e31ea0b44a942294c2
0e41a843709f19f5327078ad0e4fca7ff8485d280f2458c15b555957a0e646cd
1017b2b6551aca43896313770d3c3041d58cee227ce35861c60ef0a10dc38c64
10bf2c35a6984e80f9065939e9951bfab7cd8b4773a433b156fecee48db2e0d1
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1a7103ddeebf3a313febafe1aba08a1cec143c98a7b6e51cacbf8893093efaa2
1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d
219b5114b3b7b8fa3311533b95a4bbf86fe3550ce0f4b13e4c2cb2ff5fdc5490
23724b86dbc7b32cc5d06808497eea737be1a796b2216500227d6eff4538a2f5
26ae4b0eb488fa35fca8b199e05b5b5236192cf04a2fa5a91ba6c5c4d5ffc06d
2736121756999c7c39ac6cfe2841c148d2191a686028bc3fc63f825479888676
2d9245daf2dcc8739b68091fc3afea1e48c3add85f07d57e551a2ab7a714853e
30b92b1d67692c95ef6d322b21cb9e0c2f7d5a4c68c05b4e3e3e87489ec41309
333269debd9ab7f69f25e30f896d2cfdb9490db7ebdba5a4da9595431e22678a
376ee60ea7aaa472dfd22fbc48760e67b7c24e9043423c2cad9ee1aecf844538
3af7ed1fbe4a5464890f5f4d40b52a6a0647b4b21dfb2cd491d1fa8e7f941ffa
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3f6a6acd91f9753a79f660d84d20e0417cf70ae34132eca9178a70fcca591fc2
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
446cb2c77c2807618caf4de745e133e0893780c448f2ce8b1b0266f08f9dfc83
44df095afbcc3700bb27f3c430bce008b8074188be803787ce11b9b850ed6675
45e2f85e3aab6c36988703f5cc06444289bb795a25736b74975073c98de18498
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
58fea9a526019acbd608efcdf6fbe9896e4a1bbb10e01c6d44c5fbb0e0b730d3
5a286db047138c16adaa1b5a5817d5cdfce555086cc376b3abd31086c1d5c07d
5a71f0a1b063404b62d2e3cc3c9b18469bb0d879608b78cb08680855109b8603
5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b
5faa324b2664693ce8c2115e3e440a9e736ef0549dee4cd6893cfc717375eb15
6168b6a855d7e1160dfe320457f3a95adaf92305b27952b6f8eb22d48751d1b7
62d710d9bda1dbd522c180805ec2a66d82c84ec1093813ebf39d22f04b30d871
66de82969f617c85184ad351d55501233e538e7f54caa684368c8a155053874d
6eb49924917abab026f80173e564b79d6e1b49b33b88052523ea8d1c6572f6a9
75795949ed66c0f8b5c0ef927cd3aff358f9aac175f6789fb6b15789127731a5
7848472b4e994bcd2cb522201f6c123b50c4b37e5aab979ac50db3244eb894d5
7b86ac9779af83777789a7fc81940793f77b5bd3ff3d36ac8e925fccf656247a
7fbbeba68616ec3cd21955086a765a1c74d81b3f2772babba4f8f9719adb2d5c
8235e55fa7f1c889f552c3d7415b6bfff016a82035dc5c77da7a1789a3de95e3
8658dcad983dacbb3bca7bc8217fd0b75f28df85bf9259bd0dccf69e58cb0ecd
86c2c6e126f00e7d3f6563f926e895f606de229acf99391f0bb8e8175e8dde52
87f55f0eb8ca3828f1f3c43da32e71933463b639ff59c86fab549600912ac687
88f3613cc7a3e8c61b186ee57a7756866d403c26ff2daa58f4c7583a7523f0c2
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8f9713075b7edd29146b9f8472de0a9dea8c7f3dc2f41ff172f3e558536227c7
937fdd2761db8d890407be8c18e64a7f3c19ded89b4d67f5606e30a560bd63c5
93a431303f6163e1a1b17d0fe9ac4edb2b042333aec637187fa92f9ed1050ae8
96904bcac47ca5d98b664970580ea473e1e6a6b285c87e8cb3caa2f1928e7219
97651707b0ce18ff3ef4c0ac9dba90b63615fbfd6bc5b650da180f77099305f6
9913bba300e77cd7898ce5a11558bf789fd15cb686107a10a648109117816be1
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
accd74a3a9dad47cee6546a7d4366c7b220635da19efd043ef7d33333d000643
ae0d8091f974c66bea6d9f9aeba9feb785eb4e5a4e779060ec5f31b525f61f0f
af6f1a1d1ca5b44168e2d69e4e92daf576df150cc615c9e62adc6eb909a73114
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b0f9adcfbbaf661b0ebbbc74099ccd3622917c4d7fff95d57b7c1993564ffe5f
b10bfe284fcea12155ae8def55a8ec14b8a804e198e06d985e6e8a1681851c63
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b194fd385666036162259f55563a017e78753671e0fbd3be31a272dc2b869876
b3a8953963fa7b23c98539cffff0383bbc690b1c5cb2d7606d7587e8d97576f1
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
be8cca389c01246f49f19f6ac92da85c6627a35fd93c9939bcfc31639bdcc1a1
c0aed91f1b10ec94f40fdf79c31d1f870fb4bf3eda63b61edb3bbaeff53a93e0
c6e538e6a9213d8d6cb6a1f3b7c03e5a06d68ff25ec57e6eb5b4868289464de0
ccea349d73237232bc08a12695a59a5f873dda2b2e404cb9c6f11d9dd5806c3e
ce11c18967ab30115878af2f6c6dc88fce05dbda48df9cea5a7abf9fb311ef5f
d00b100bca6ddea7af0ef559e6051eeaa3f59c732b586ac2495324cdd70dfc2a
d4ea3e72d13f7392cf63396cfad6069a9c80d1b43f2de63b763cfec67d77540c
dd1dad45fd0dd168ad46427307aa8a206b857b783ca3afbcfe2bc8b8724acec0
e05aeb1eebccdbf3f63a449bf15f18d3ca7c2c16d42d9ca698f5cd5a917912de
e2e2b7071127028e806a86de11b427db630bfa4be49f0d36e14265f1089e1ea6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e85d93603219c7af97e29b183b6f22d04991b9b01c4a79ae824e62ea7aa809b5
eb2deec7e5394e29e51ff83e920f1ce3c092ae5c63b711a4b755b9861a8bc6cd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f15d14a948d5d97372a945a80c61612fe768a1c1e19de1f9067c4cabff78becd
f17a340f0388383e8d2a70632006d51e5d0e95f60f1cca3f774bd78b5d3dcd07
f419df72131b2e7ec36c56950099c5c8f88e3e8ba7de2438b0484d0786e56200
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f630c6ea4e44c35a93c0ee2950e68857311d9500d6025abe4a5db3ecaf270e3c
f641976030ca6cfe00221906bb08f0536067a28075027a3186adb9a5af536558
fb31ea8632a96b3f36c3ebc93a7270dd6a690d378cb11843c810553eaf120be2
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
fe08d074a32f7c481cc425d22cdd787137feea90578e0b10556cebeefcfa3040
fe7b1fa106b52fd3b7a72421171503eee8ec0c911d495be3ce168f76ed7cc8b1
fe884e48d8d2602152678463aa5ac92bb7bd73b357851406aebcc046ab1d8b9f

threatvector.cylance.com Open in urlscan Pro 35.163.241.233 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

108 Requests

100 %HTTPS

40 %IPv6

40 Domains

47 Subdomains

40 IPs

8 Countries

2014 kBTransfer

4456 kBSize

2 Cookies

25 Outgoing links

Redirected requests

108 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

threatvector.cylance.com Open in urlscan Pro
35.163.241.233 Public Scan

Screenshot
Live screenshot

Full Image

108
Requests

100 %
HTTPS

40 %
IPv6

40
Domains

47
Subdomains

40
IPs

8
Countries

2014 kB
Transfer

4456 kB
Size

2
Cookies

108 HTTP transactions
0 data transactions