research.ci.security Open in urlscan Pro
207.38.86.153 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://detectrespond.ci.security/api/mailings/click/PMRGSZBCHIYTCNJYGA4SYITVOJWCEORCNB2HI4DTHIXS64TFONSWC4TDNAXGG2JOONSWG5LSNF2HS...
Effective URL:
https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&ut...
Submission: On July 08 via api (July 8th 2020, 1:12:37 pm UTC) from US

Summary HTTP 33 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 16 IPs in 5 countries across 16 domains to perform 33 HTTP transactions. The main IP is 207.38.86.153, located in St Louis, United States and belongs to AS-30083-GO-DADDY-COM-LLC, US. The main domain is research.ci.security.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 31st 2020. Valid for: 3 months.

This is the only time research.ci.security was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.215.96.104 34.215.96.104	16509 (AMAZON-02) (AMAZON-02)
13	207.38.86.153 207.38.86.153	30083 (AS-30083-...) (AS-30083-GO-DADDY-COM-LLC)
1	2a00:1450:400... 2a00:1450:4001:824::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6814:15ef	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:10c... 2a02:26f0:10c:39e::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	13.224.193.108 13.224.193.108	16509 (AMAZON-02) (AMAZON-02)
1	163.171.132.119 163.171.132.119	54994 (QUANTILNE...) (QUANTILNETWORKS)
2 3	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	2a00:1450:400... 2a00:1450:400c:c04::9b	15169 (GOOGLE) (GOOGLE)
2 2	2a00:1450:400... 2a00:1450:4001:821::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:817::2003	15169 (GOOGLE) (GOOGLE)
1	206.19.49.24 206.19.49.24	7018 (ATT-INTER...) (ATT-INTERNET4)
1	143.204.94.108 143.204.94.108	16509 (AMAZON-02) (AMAZON-02)
2 2	52.212.22.61 52.212.22.61	16509 (AMAZON-02) (AMAZON-02)
1 2	13.225.87.69 13.225.87.69	16509 (AMAZON-02) (AMAZON-02)
3	35.174.150.168 35.174.150.168	14618 (AMAZON-AES) (AMAZON-AES)
1	34.250.196.193 34.250.196.193	16509 (AMAZON-02) (AMAZON-02)
1 4	184.51.8.183 184.51.8.183	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	52.30.34.11 52.30.34.11	16509 (AMAZON-02) (AMAZON-02)
33	16

1 34.215.96.104 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)

detectrespond.ci.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 207.38.86.153 (St Louis, United States)

ASN30083 (AS-30083-GO-DADDY-COM-LLC, US)
PTR: web594.webfaction.com

research.ci.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:15ef (United States)

ASN13335 (CLOUDFLARENET, US)

rum-static.pingdom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:39e::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.108 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-108.fra2.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.171.132.119 (Germany)

ASN54994 (QUANTILNETWORKS, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:824::200e (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c04::9b (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN7018 (ATT-INTERNET4, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.94.108 (Seattle, United States)

ASN16509 (AMAZON-02, US)

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.22.61 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.87.69 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.174.150.168 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cybersecurity.ci.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.250.196.193 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

rum-collector-2.pingdom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 184.51.8.183 (United States) 1 redirects

ASN16625 (AKAMAI-AS, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.34.11 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	ci.security 1 redirects detectrespond.ci.security research.ci.security cybersecurity.ci.security	514 KB
5	adroll.com 1 redirects s.adroll.com d.adroll.com	14 KB
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
3	google-analytics.com 2 redirects www.google-analytics.com	18 KB
2	pardot.com pi.pardot.com	4 KB
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	google.de www.google.de	212 B
2	google.com 2 redirects www.google.com	354 B
2	doubleclick.net 2 redirects stats.g.doubleclick.net	306 B
2	techtarget.com trk.techtarget.com apt.techtarget.com	3 KB
2	pingdom.net rum-static.pingdom.net rum-collector-2.pingdom.net	3 KB
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	136 B
1	demandbase.com tag.demandbase.com	22 KB
1	licdn.com snap.licdn.com	2 KB
1	googletagmanager.com www.googletagmanager.com	33 KB
33	16

	Domain	Requested by
13	research.ci.security	research.ci.security www.google-analytics.com
4	s.adroll.com	1 redirects research.ci.security s.adroll.com
3	www.google-analytics.com	2 redirects www.googletagmanager.com
2	pi.pardot.com	research.ci.security pi.pardot.com
2	segments.company-target.com	1 redirects research.ci.security
2	match.prod.bidr.io	2 redirects
2	www.google.de	research.ci.security
2	www.google.com	2 redirects
2	stats.g.doubleclick.net	2 redirects
2	px.ads.linkedin.com	1 redirects research.ci.security
1	cybersecurity.ci.security	pi.pardot.com
1	d.adroll.com
1	d.adroll.mgr.consensu.org	1 redirects
1	rum-collector-2.pingdom.net	rum-static.pingdom.net
1	api.company-target.com	tag.demandbase.com
1	apt.techtarget.com	research.ci.security
1	www.linkedin.com	1 redirects
1	trk.techtarget.com	research.ci.security
1	tag.demandbase.com	research.ci.security
1	snap.licdn.com	research.ci.security
1	rum-static.pingdom.net	research.ci.security
1	www.googletagmanager.com	research.ci.security
1	detectrespond.ci.security	1 redirects
33	23

This site contains links to these domains. Also see Links.

Domain
downtownseattle.org

Subject Issuer	Validity	Valid
research.ci.security Let's Encrypt Authority X3	`2020-05-31` - `2020-08-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-06-17` - `2020-09-09`	3 months	crt.sh
*.pingdom.net DigiCert SHA2 High Assurance Server CA	`2019-11-08` - `2021-01-19`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
trk.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2020-02-17` - `2022-05-17`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-03-04` - `2020-09-04`	6 months	crt.sh
www.google.de GTS CA 1O1	`2020-06-17` - `2020-09-09`	3 months	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2019-10-25` - `2021-10-24`	2 years	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
pi.pardot.com DigiCert SHA2 Secure Server CA	`2019-12-26` - `2020-12-26`	a year	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2019-11-06` - `2020-12-06`	a year	crt.sh
cybersecurity.ci.security Let's Encrypt Authority X3	`2020-06-30` - `2020-09-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk
Frame ID: 9EDDE44718FE1605510BD831745627B9
Requests: 33 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://detectrespond.ci.security/api/mailings/click/PMRGSZBCHIYTCNJYGA4SYITVOJWCEORCNB2HI4DTHIXS64TFONSWC4TDN... HTTP 302
https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

33
Requests

100 %
HTTPS

43 %
IPv6

16
Domains

23
Subdomains

16
IPs

5
Countries

614 kB
Transfer

764 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://downtownseattle.org/parking/#!/
Title: Parking Options

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://detectrespond.ci.security/api/mailings/click/PMRGSZBCHIYTCNJYGA4SYITVOJWCEORCNB2HI4DTHIXS64TFONSWC4TDNAXGG2JOONSWG5LSNF2HSL3DN5XHIZLOOQXXKL3TMVRXK4TJOR4S2YLOMFWHS43UFVUW45TFON2GSZ3BORSXGLLNMFWHOYLSMUWWI33XNZWG6YLEH52XI3K7ONXXK4TDMU6W65LUOJSWCY3ILR2TAMBSGZ2XI3K7NVSWI2LVNU6WK3LBNFWFY5JQGAZDM5LUNVPWGYLNOBQWSZ3OHVRWY2ZCFQRG64THEI5CEM3EGZSGIMTDGEWTSOBRMIWTINRXG4WWCNJWMQWTGYZQGZRWIMTDMMZTAYRCFQRHMZLSONUW63RCHIRDIIRMEJZWSZZCHIRFOQKQKV2XMVSJI4YG63RVMFMTOZBNPIYHKVKMLBXWWUSJJJPU4S27GBZECWDZKNLGESBQHURH2=== HTTP 302
https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download%3Futm_source%3Doutreach%26utm_medium%3Demail%26utm_campaign%3Dclk&time=1594213940269 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D569164%26url%3Dhttps%253A%252F%252Fresearch.ci.security%252Fcontent%252Fu%252Fsecurity-analyst-investigates-malware-download%253Futm_source%253Doutreach%2526utm_medium%253Demail%2526utm_campaign%253Dclk%26time%3D1594213940269%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download%3Futm_source%3Doutreach%26utm_medium%3Demail%26utm_campaign%3Dclk&time=1594213940269&liSync=true

Request Chain 12

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=732876094&t=pageview&_s=1&dl=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download%3Futm_source%3Doutreach%26utm_medium%3Demail%26utm_campaign%3Dclk&ul=en-us&de=UTF-8&dt=Security%20Analysts%20Use%20Packet%20Capture%20to%20Investigate%20Malware%20%7C%20CI%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=795023266&gjid=344255264&cid=1865811468.1594213940&tid=UA-72734021-3&_gid=1535201391.1594213940&_r=1&gtm=2ou6o0&z=283794583 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-72734021-3&cid=1865811468.1594213940&jid=795023266&_gid=1535201391.1594213940&gjid=344255264&_v=j83&z=283794583 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1865811468.1594213940&jid=795023266&_v=j83&z=283794583 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1865811468.1594213940&jid=795023266&_v=j83&z=283794583&slf_rd=1&random=1631932577

Request Chain 15

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AAKaWU6-C4wAAA_flnEsRQ HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAKaWU6-C4wAAA_flnEsRQ&verifyHash=c5bb3b9404dbc1865926113a2ab376fe589fe720

Request Chain 23

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=732876094&t=event&ni=1&_s=2&dl=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download%3Futm_source%3Doutreach%26utm_medium%3Demail%26utm_campaign%3Dclk&ul=en-us&de=UTF-8&dt=Security%20Analysts%20Use%20Packet%20Capture%20to%20Investigate%20Malware%20%7C%20CI%20Security&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBAAUAB~&jid=1753759398&gjid=430671563&cid=1865811468.1594213940&tid=UA-72734021-3&_gid=1535201391.1594213940&_r=1&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=Bot&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=Warsaw&cd11=14&cd12=Poland&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&cd19=(Non-Company%20Visitor)&cd20=(Non-Company%20Visitor)&z=641130193 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-72734021-3&cid=1865811468.1594213940&jid=1753759398&_gid=1535201391.1594213940&gjid=430671563&_v=j83&z=641130193 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1865811468.1594213940&jid=1753759398&_v=j83&z=641130193 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1865811468.1594213940&jid=1753759398&_v=j83&z=641130193&slf_rd=1&random=1812124186

Request Chain 27

https://s.adroll.com/j/exp/PVQ657GQDFFXLFGCNQJYZN/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 29

https://d.adroll.mgr.consensu.org/consent/iabcheck/PVQ657GQDFFXLFGCNQJYZN?_s=411485b0f10b0c65b1e7382f1199e76c&_b=2 HTTP 302
https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=411485b0f10b0c65b1e7382f1199e76c&_b=2

33 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set security-analyst-investigates-malware-download Show response
research.ci.security/content/u/
Redirect Chain

https://detectrespond.ci.security/api/mailings/click/PMRGSZBCHIYTCNJYGA4SYITVOJWCEORCNB2HI4DTHIXS64TFONSWC4TDNAXGG2JOONSWG5LSNF2HSL3DN5XHIZLOOQXXKL3TMVRXK4TJOR4S2YLOMFWHS43UFVUW45TFON2GSZ3BORSXGLLN...
https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

21 KB
21 KB

594ms
288ms

Document
text/html

207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

b8e91c0d556ce8271373615322b67fef50b3e806d748e89c9b59aab289bef9d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Host: research.ci.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Wed, 08 Jul 2020 13:12:20 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 21006
Connection: keep-alive
Vary: Cookie
Set-Cookie: session=eyJfcGVybWFuZW50IjpmYWxzZX0.XwXGNA.VeLENfIBKFqBA6TwALiDJwvlfnU; HttpOnly; Path=/
Cache-Control: max-age=2628000, public
Expires: Fri, 07 Aug 2020 13:12:20 GMT
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin

Redirect headers

status: 302
server: nginx/1.17.10
date: Wed, 08 Jul 2020 13:12:19 GMT
content-type: text/html; charset=utf-8
content-length: 170
location: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 84 KB
33 KB 17ms
16ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-72734021-3

Requested by

Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6e3481f69cdb394f9e81ff16e2529965a2b9697d3c01270caca3e336821a5bb6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 08 Jul 2020 13:12:20 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33687
x-xss-protection: 0
last-modified: Wed, 08 Jul 2020 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 08 Jul 2020 13:12:20 GMT

GET
H2 200 pa-5b467204ef13ce0016000168.js Show response
rum-static.pingdom.net/ 6 KB
3 KB 27ms
10ms Script
application/javascript 2606:4700:10::6814:15ef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-static.pingdom.net/pa-5b467204ef13ce0016000168.js
Requested by: Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:15ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 989b72a67d4bf083a4855f56371918520e71662111d831cd09bf4d783e2fe21c

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 08 Jul 2020 13:12:20 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 39
status: 200
cf-request-id: 03d027541700000ea79b839200000001
last-modified: Wed, 13 May 2020 13:49:07 GMT
server: cloudflare
etag: W/"5ebbfad3-1889"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
cf-ray: 5afa0e668bef0ea7-FRA
expires: Wed, 08 Jul 2020 13:16:41 GMT

GET
H/1.1 200
OK kraken.min.css
research.ci.security/content/static/ 76 KB
77 KB 159ms
159ms Stylesheet
text/css 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://research.ci.security/content/static/kraken.min.css?v

Requested by

Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

a5f4d237eca5164266222ebf4eca5b7eb203f20af91d2573df5d13ca13babbc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Thu, 02 Jul 2020 16:52:42 GMT
Server: nginx
ETag: "1593708762.9652455-78110-1710365062"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: text/css; charset=utf-8
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Vary: Cookie
Content-Length: 78110
X-Content-Type-Options: nosniff
Expires: Thu, 09 Jul 2020 01:12:20 GMT

GET
H/1.1 200
OK Logo_CISecurity_H_W_Standard.svg
research.ci.security/content/static/img/ 4 KB
5 KB 456ms
155ms Image
image/svg+xml 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.ci.security/content/static/img/Logo_CISecurity_H_W_Standard.svg

Requested by

Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

2c0184e68a0724c2c605f312b7410d6cb658659aeee613281bee745d7761a560

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Mon, 16 Mar 2020 16:36:56 GMT
Server: nginx
ETag: "1584376616.88679-4216-4049805772"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: image/svg+xml; charset=utf-8
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Vary: Cookie
Content-Length: 4216
X-Content-Type-Options: nosniff
Expires: Thu, 09 Jul 2020 01:12:20 GMT

GET
H/1.1 200
OK Logo_CISecurity_H_C_Standard.png
research.ci.security/content/static/img/ 12 KB
12 KB 466ms
159ms Image
image/png 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.ci.security/content/static/img/Logo_CISecurity_H_C_Standard.png

Requested by

Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

eb95dd686a73503541c1856b8c3fe4b7c7b3022051fc76ff9e5e0483087fbadf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Mon, 16 Mar 2020 16:36:56 GMT
Server: nginx
ETag: "1584376616.88579-12178-4029817261"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: image/png
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Vary: Cookie
Content-Length: 12178
X-Content-Type-Options: nosniff
Expires: Thu, 09 Jul 2020 01:12:20 GMT

GET
H/1.1 200
OK kraken.babel.min.js Show response
research.ci.security/content/static/ 176 KB
176 KB 448ms
152ms Script
application/javascript 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://research.ci.security/content/static/kraken.babel.min.js

Requested by

Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

70ae136f2b7f12a76148d3504db60ede92f3bf7ada4695b579195bcf2d488414

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Thu, 02 Jul 2020 16:52:42 GMT
Server: nginx
ETag: "1593708762.9652455-180007-3926006590"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: application/javascript; charset=utf-8
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Vary: Cookie
Content-Length: 180007
X-Content-Type-Options: nosniff
Expires: Thu, 09 Jul 2020 01:12:20 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 30ms
10ms Script
application/x-javascript 2a02:26f0:10c:39e::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:39e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=17408
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 97379541.min.js Show response
tag.demandbase.com/ 72 KB
22 KB 147ms
53ms Script
application/javascript 13.224.193.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/97379541.min.js
Requested by: Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.193.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-108.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8f7839c569e969a4efba98f64f74f1abd0ea4c6aedc9952ee249a49b907ec47c

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 08 Jul 2020 13:11:59 GMT
content-encoding: gzip
last-modified: Mon, 06 Jul 2020 19:04:56 GMT
server: AmazonS3
age: 22
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: eSjJE7AHTV2zrrQzT1Ivlxgmygg26CjN
status: 200
cache-control: public, max-age=3600
x-amz-cf-pop: FRA2-C1
content-type: application/javascript; charset=utf-8
x-amz-cf-id: 1teclZmuKPykb5ZmNTLhMETrK_eWz19gaMbyGUI0R09d-nAs4Fwx4w==
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)

GET
H/1.1 200
OK tracking.js Show response
trk.techtarget.com/ 4 KB
2 KB 143ms
48ms Script
text/javascript 163.171.132.119
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.132.119 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Jun 2019 20:11:17 GMT
Server: PWS/8.3.1.0.8
Age: 51
X-Ws-Request-Id: 5f05c634_PSdgflkfFRA2mu7_2092-16452
Content-Type: text/javascript
Via: 1.1 VMmgnyNY3vz67:3 (W), 1.1 PSdgflkfFRA1hb199:0 (W), 1.1 PSdgflkfFRA2gb73:3 (W)
Cache-Control: max-age=600
X-Cache-Spec: Yes
X-Px: ht PSdgflkfFRA2gb73FRA
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1711
Expires: Wed, 08 Jul 2020 13:21:29 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-72734021-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 3402
date: Wed, 08 Jul 2020 12:15:38 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Wed, 08 Jul 2020 14:15:38 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download%3Futm_source%3Doutreach%26utm_medium%...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D569164%26url%3Dhttps%253A%252F%252Fresearch.ci.security%252Fcontent%252Fu%252Fsec...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download%3Futm_source%3Doutreach%26utm_medium%...

0
57 B

112ms
111ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download%3Futm_source%3Doutreach%26utm_medium%3Demail%26utm_campaign%3Dclk&time=1594213940269&liSync=true
Requested by: Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 08 Jul 2020 13:12:20 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: chjz5SHJHxaAdcehoCsAAA==

Redirect headers

strict-transport-security: max-age=2592000
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: lcPj4SHJHxbA1cn2lisAAA==
pragma: no-cache
x-li-pop: afd-prod-lva1
x-msedge-ref: Ref A: A3E70E992EB94C6AAA06742771E3A0F2 Ref B: FRAEDGE0919 Ref C: 2020-07-08T13:12:20Z
date: Wed, 08 Jul 2020 13:12:19 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download%3Futm_source%3Doutreach%26utm_medium%3Demail%26utm_campaign%3Dclk&time=1594213940269&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK developers_at_computer_background-100_%401200.jpg
research.ci.security/content/static/img/backgrounds/ 51 KB
51 KB 436ms
158ms Image
image/jpeg 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://research.ci.security/content/static/img/backgrounds/developers_at_computer_background-100_%401200.jpg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

f0b1656b12a534e627a9283b97dae4e100b7f8e5ed98a3224a04670c03fc5520

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Mon, 16 Mar 2020 19:26:16 GMT
Server: nginx
ETag: "1584386776.9863603-52109-798960536"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: image/jpeg
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Vary: Cookie
Content-Length: 52109
X-Content-Type-Options: nosniff
Expires: Thu, 09 Jul 2020 01:12:20 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=732876094&t=pageview&_s=1&dl=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download%3Futm_source%3...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-72734021-3&cid=1865811468.1594213940&jid=795023266&_gid=1535201391.1594213940&gjid=344255264&_v=j83&z=283794583
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1865811468.1594213940&jid=795023266&_v=j83&z=283794583
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1865811468.1594213940&jid=795023266&_v=j83&z=283794583&slf_rd=1&random=1631932577

42 B
106 B

19ms
19ms

Image
image/gif

2a00:1450:4001:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1865811468.1594213940&jid=795023266&_v=j83&z=283794583&slf_rd=1&random=1631932577

Requested by

Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Jul 2020 13:12:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Jul 2020 13:12:20 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1865811468.1594213940&jid=795023266&_v=j83&z=283794583&slf_rd=1&random=1631932577
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
450 B 575ms
145ms Image
image/gif 206.19.49.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=20406435&version=2.0&ref=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download%3Futm_source%3Doutreach%26utm_medium%3Demail%26utm_campaign%3Dclk&r=1594213940383
Requested by: Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
ETag: "2b-5850384023492"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=69
Content-Length: 43

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 425 B
935 B 229ms
125ms XHR
application/json 143.204.94.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download%3Futm_source%3Doutreach%26utm_medium%3Demail%26utm_campaign%3Dclk&page_title=Security%20Analysts%20Use%20Packet%20Capture%20to%20Investigate%20Malware%20%7C%20CI%20Security&key=ef6f04d2df1cbefc03f9dae82644e767&src=tag
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/97379541.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.94.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5a55f4df74cbd026360319f0171afb69e728c975fa28490fa8b22ab32e675f62

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 08 Jul 2020 13:12:20 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
status: 200
request-id: a40387b0-c810-4db3-b359-e7cb3f6c279a
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://research.ci.security
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: g5h0fe7mvc_F0ONjJVyyElkWE4C6OAYStxrbqzBxttFTA6VS-3Umow==
expires: Tue, 07 Jul 2020 13:12:20 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AAKaWU6-C4wAAA_flnEsRQ
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAKaWU6-C4wAAA_flnEsRQ&verifyHash=c5bb3b9404dbc1865926113a2ab376fe589fe720

26 B
408 B

138ms
137ms

Image
image/gif

13.225.87.69
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAKaWU6-C4wAAA_flnEsRQ&verifyHash=c5bb3b9404dbc1865926113a2ab376fe589fe720
Requested by: Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.87.69 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 08 Jul 2020 13:12:21 GMT
Via: 1.1 590590f04f79f692591f9db0e720a31d.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 1c6bca357d096ea4
X-Amz-Cf-Id: 2_Jwgk18QOichIIm1LUwGMid9NUJhBXJ0GoS1WlFpkvrT-d6AfHizw==

Redirect headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Via: 1.1 590590f04f79f692591f9db0e720a31d.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AAKaWU6-C4wAAA_flnEsRQ&verifyHash=c5bb3b9404dbc1865926113a2ab376fe589fe720
Connection: keep-alive
trace-id: 3e29b4eb5dd4278e
Content-Length: 0
X-Amz-Cf-Id: ivJvNBFlIjfQFFI6louU-C6YOYsvHgte8hlp4GGqSe5OUCJN1NGbjA==

GET
H/1.1 200
OK Roboto-Bold-webfont.woff
research.ci.security/content/static/fonts/ 21 KB
21 KB 161ms
150ms Font
application/font-woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://research.ci.security/content/static/fonts/Roboto-Bold-webfont.woff

Requested by

Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

a629b5570d16e1450d7621907a85b07392f2959b2792145864ac84fc0dbe7307

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://research.ci.security/
Origin: https://research.ci.security

Response headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Mon, 16 Mar 2020 16:36:56 GMT
Server: nginx
ETag: "1584376616.8757904-21320-824975263"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: application/font-woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Vary: Cookie
Content-Length: 21320
X-Content-Type-Options: nosniff
Expires: Thu, 09 Jul 2020 01:12:20 GMT

GET
H/1.1 200
OK Roboto-Regular-webfont.woff
research.ci.security/content/static/fonts/ 20 KB
21 KB 283ms
155ms Font
application/font-woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://research.ci.security/content/static/fonts/Roboto-Regular-webfont.woff

Requested by

Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

7838acd6a8bd0836972523ffbe20c9745d03b07d89968d9cc9bc57f46e567895

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://research.ci.security/
Origin: https://research.ci.security

Response headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Mon, 16 Mar 2020 16:36:56 GMT
Server: nginx
ETag: "1584376616.8757904-20924-2499223792"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: application/font-woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Vary: Cookie
Content-Length: 20924
X-Content-Type-Options: nosniff
Expires: Thu, 09 Jul 2020 01:12:20 GMT

GET
H/1.1 200
OK RobotoSlab-Regular-webfont.woff
research.ci.security/content/static/fonts/ 23 KB
24 KB 310ms
171ms Font
application/font-woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://research.ci.security/content/static/fonts/RobotoSlab-Regular-webfont.woff

Requested by

Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

faf7aa5ba903daf6658fba09b30abd2bc812c6956df52df9791e9f59be86f7ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://research.ci.security/
Origin: https://research.ci.security

Response headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Mon, 16 Mar 2020 16:36:56 GMT
Server: nginx
ETag: "1584376616.8767903-23872-471868018"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: application/font-woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Vary: Cookie
Content-Length: 23872
X-Content-Type-Options: nosniff
Expires: Thu, 09 Jul 2020 01:12:20 GMT

GET
H/1.1 200
OK RobotoSlab-Bold-webfont.woff
research.ci.security/content/static/fonts/ 23 KB
24 KB 321ms
155ms Font
application/font-woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://research.ci.security/content/static/fonts/RobotoSlab-Bold-webfont.woff

Requested by

Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

de2ab805d9a0d28cbc9bcb5a4adf47ba419db64e21b94330cc97eb57fe9467c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://research.ci.security/
Origin: https://research.ci.security

Response headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Mon, 16 Mar 2020 16:36:56 GMT
Server: nginx
ETag: "1584376616.8767903-24060-3015713057"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: application/font-woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Vary: Cookie
Content-Length: 24060
X-Content-Type-Options: nosniff
Expires: Thu, 09 Jul 2020 01:12:20 GMT

GET
H/1.1 200
OK Roboto-Light-webfont.woff
research.ci.security/content/static/fonts/ 20 KB
21 KB 438ms
157ms Font
application/font-woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://research.ci.security/content/static/fonts/Roboto-Light-webfont.woff

Requested by

Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

072c31e5770897b5bf1d6a566b33b9332bfd7e0baeb64d45dd58d02794eeb4a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://research.ci.security/
Origin: https://research.ci.security

Response headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Mon, 16 Mar 2020 16:36:56 GMT
Server: nginx
ETag: "1584376616.8757904-20904-1381703702"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: application/font-woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Vary: Cookie
Content-Length: 20904
X-Content-Type-Options: nosniff
Expires: Thu, 09 Jul 2020 01:12:20 GMT

GET
H/1.1 200
OK BlackTie-Regular-webfont.woff2
research.ci.security/content/static/fonts/ 13 KB
13 KB 445ms
153ms Font
application/octet-stream 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://research.ci.security/content/static/fonts/BlackTie-Regular-webfont.woff2

Requested by

Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

15c730c302225ad29a32a1852a683e1c02f45e4e8a018bef6c7901a51458e62d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://research.ci.security/
Origin: https://research.ci.security

Response headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Mon, 16 Mar 2020 16:36:56 GMT
Server: nginx
ETag: "1584376616.8717904-12928-4089323948"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: application/octet-stream
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Vary: Cookie
Content-Length: 12928
X-Content-Type-Options: nosniff
Expires: Thu, 09 Jul 2020 01:12:20 GMT

GET
H/1.1 200
OK line-awesome.woff2
research.ci.security/content/static/fonts/ 44 KB
45 KB 436ms
159ms Font
application/octet-stream 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://research.ci.security/content/static/fonts/line-awesome.woff2

Requested by

Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

063a952901506e6cbcc2abdd1995ea387e4ae9138993f5517834a75faee165d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://research.ci.security/
Origin: https://research.ci.security

Response headers

Date: Wed, 08 Jul 2020 13:12:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Mon, 16 Mar 2020 16:36:56 GMT
Server: nginx
ETag: "1584376616.88579-45108-2079858002"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: application/octet-stream
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Vary: Cookie
Content-Length: 45108
X-Content-Type-Options: nosniff
Expires: Thu, 09 Jul 2020 01:12:20 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j83&a=732876094&t=event&ni=1&_s=2&dl=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download%3Futm_source...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-72734021-3&cid=1865811468.1594213940&jid=1753759398&_gid=1535201391.1594213940&gjid=430671563&_v=j83&z=641130193
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1865811468.1594213940&jid=1753759398&_v=j83&z=641130193
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1865811468.1594213940&jid=1753759398&_v=j83&z=641130193&slf_rd=1&random=1812124186

42 B
106 B

18ms
17ms

Image
image/gif

2a00:1450:4001:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1865811468.1594213940&jid=1753759398&_v=j83&z=641130193&slf_rd=1&random=1812124186

Requested by

Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 08 Jul 2020 13:12:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 08 Jul 2020 13:12:20 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=1865811468.1594213940&jid=1753759398&_v=j83&z=641130193&slf_rd=1&random=1812124186
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 555ms
139ms Script
application/javascript 35.174.150.168
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.150.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: PardotServer /
Resource Hash: 925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 08 Jul 2020 13:12:21 GMT
Content-Encoding: gzip
X-Pardot-Route: ea50fcd3dcf777490e1499615b883deb
X-Pardot-LB: a083ac6fc1531fb089982e922db67d20
Last-Modified: Fri, 13 Mar 2020 19:45:37 GMT
Server: PardotServer
ETag: "1442-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1842
Expires: Fri, 08 Jul 2022 13:12:21 GMT

GET
H/1.1 200
OK beacon.gif Show response
rum-collector-2.pingdom.net/img/ 0
213 B 263ms
66ms XHR
text/plain 34.250.196.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-collector-2.pingdom.net/img/beacon.gif?id=5b467204ef13ce0016000168&sAW=1600&sAH=1200&bIW=1600&bIH=1200&pD=24&dPR=1&or=landscape-primary&nT=0&rC=0&nS=0&cS=642&cE=947&dLE=642&dLS=641&fS=640&hS=669&rE=-1&rS=-1&reS=947&resS=1235&resE=1238&uEE=-1&uES=-1&dL=1238&dI=2089&dCLES=2090&dCLEE=2090&dC=2204&lES=2204&lEE=2206&s=nt&title=Security%20Analysts%20Use%20Packet%20Capture%20to%20Investigate%20Malware%20%7C%20CI%20Security&path=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download&ref=&sId=swhz493t&sST=1594213941&sIS=1&rV=0&v=1.4.1
Requested by: Host: rum-static.pingdom.net
URL: https://rum-static.pingdom.net/pa-5b467204ef13ce0016000168.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.196.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Pragma: no-cache
Date: Wed, 08 Jul 2020 13:12:21 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 37 KB
12 KB 134ms
45ms Script
text/javascript 184.51.8.183
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: research.ci.security
URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.8.183 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 08d59945547979f3876f8a20427204b4e6b4acf78446b68abe271503dac15563

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: ZnYpdzcOpNB8OznXE9MS83InD_ISQ8.7
Content-Encoding: gzip
ETag: "9503a3a39dc1d95fb3dee4109f0f583b"
x-amz-request-id: B530AB4DAF62AE35
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 11645
x-amz-id-2: vyB+kZFSYWKJj86n4m3tiYW774nnCZQmwmyUFbIcThoRc/BC3/4zVtHpvfHtJIo4PGjqkZtmKr0=
Last-Modified: Wed, 01 Jul 2020 15:34:55 GMT
Server: AmazonS3
Date: Wed, 08 Jul 2020 13:12:21 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/PVQ657GQDFFXLFGCNQJYZN/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

48ms
48ms

Script
application/javascript

184.51.8.183
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.8.183 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: Gq_Uupzq2k3J8S1dXTwhnfNaf5QBJsmG
Content-Encoding: gzip
ETag: "5816cced8568d223aa09d889f300692b"
x-amz-request-id: 1E8CDE18687D291F
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 48
x-amz-id-2: 8+VCH3RvputC9Qo7rGFnl5wdJA1nM0vRKAMwsYua3+sDRyrpBBrqzUBX8DCA2tD4Xclhnp4shRc=
Last-Modified: Mon, 22 Jun 2020 19:39:19 GMT
Server: AmazonS3
Date: Wed, 08 Jul 2020 13:12:21 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Wed, 08 Jul 2020 13:12:21 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/ 0
705 B 128ms
43ms Script
text/javascript 184.51.8.183
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.51.8.183 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: gqC7Q1Fo3lIFIwgy6KkkQ6ysuGnB6b.i
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id: 4B481FCB22920F17
x-amz-server-side-encryption: AES256
Connection: keep-alive
Content-Length: 0
x-amz-id-2: fSEuDyxcKpyMjLd3JBj3mKoZx/W9KeuF84IHvyBMbfpDfK91mroc9mC9l/TnY7USbuwRR+GjGZk=
Last-Modified: Tue, 07 Jul 2020 13:29:56 GMT
Server: AmazonS3
Date: Wed, 08 Jul 2020 13:12:21 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/PVQ657GQDFFXLFGCNQJYZN?_s=411485b0f10b0c65b1e7382f1199e76c&_b=2
https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=411485b0f10b0c65b1e7382f1199e76c&_b=2

395 B
487 B

69ms
68ms

Script
application/javascript

52.30.34.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=411485b0f10b0c65b1e7382f1199e76c&_b=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.34.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 82b57e5e5e4903daf19425c44018b66bc8da046b7d7a6fdef65dfdd549ce3794

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Wed, 08 Jul 2020 13:12:21 GMT
server: nginx/1.16.1
content-length: 395
content-type: application/javascript

Redirect headers

status: 302
date: Wed, 08 Jul 2020 13:12:21 GMT
server: nginx/1.16.1
content-length: 105
location: https://d.adroll.com/consent/check/PVQ657GQDFFXLFGCNQJYZN/?_s=411485b0f10b0c65b1e7382f1199e76c&_b=2

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ 2 KB
2 KB 342ms
342ms Script
text/javascript 35.174.150.168
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=20750&account_id=415142&title=Security%20Analysts%20Use%20Packet%20Capture%20to%20Investigate%20Malware%20%7C%20CI%20Security&url=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download%3Futm_source%3Doutreach%26utm_medium%3Demail%26utm_campaign%3Dclk&referrer=&utm_campaign=clk&utm_medium=email&utm_source=outreach
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.150.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: PardotServer /
Resource Hash: 766057672fe35fd3e1c812fed17eb185233d669cf7f82b112421db6cf96877f2

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 08 Jul 2020 13:12:21 GMT
Content-Encoding: gzip
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: a083ac6fc1531fb089982e922db67d20
X-Pardot-Rsp: 17/11/231
Vary: Accept-Encoding,User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 859
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
cybersecurity.ci.security/ 52 B
1 KB 658ms
243ms Script
text/javascript 35.174.150.168
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cybersecurity.ci.security/analytics?conly=true&visitor_id=813108645&visitor_id_sign=788262513e6e286daeeb7c90e6a0dc18d448338de3225d950b05c11385ba504acba63ff1177ce4a46230fc4134a34df418f6e758&pi_opt_in=&campaign_id=20750&account_id=415142&title=Security%20Analysts%20Use%20Packet%20Capture%20to%20Investigate%20Malware%20%7C%20CI%20Security&url=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download%3Futm_source%3Doutreach%26utm_medium%3Demail%26utm_campaign%3Dclk&referrer=&utm_campaign=clk&utm_medium=email&utm_source=outreach
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=20750&account_id=415142&title=Security%20Analysts%20Use%20Packet%20Capture%20to%20Investigate%20Malware%20%7C%20CI%20Security&url=https%3A%2F%2Fresearch.ci.security%2Fcontent%2Fu%2Fsecurity-analyst-investigates-malware-download%3Futm_source%3Doutreach%26utm_medium%3Demail%26utm_campaign%3Dclk&referrer=&utm_campaign=clk&utm_medium=email&utm_source=outreach
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.150.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: PardotServer /
Resource Hash: eca19fb64be166fabab688d0cdb2ae946d3370f8124ff0f3f18119cc2d4eb825

Request headers

Referer: https://research.ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 08 Jul 2020 13:12:22 GMT
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: a083ac6fc1531fb089982e922db67d20
X-Pardot-Rsp: 16/124/112
Vary: User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 52
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			research.ci.security/	1969-12-31 23:59:59	Name: session Value: eyJfcGVybWFuZW50IjpmYWxzZX0.XwXGNA.VeLENfIBKFqBA6TwALiDJwvlfnU
			.ci.security/	1970-01-19 10:50:14	Name: _gat_gtag_UA_72734021_3 Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://research.ci.security/content/u/security-analyst-investigates-malware-download?utm_source=outreach&utm_medium=email&utm_campaign=clk(Line 32) Message: Production GA Script

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.company-target.com
apt.techtarget.com
cybersecurity.ci.security
d.adroll.com
d.adroll.mgr.consensu.org
detectrespond.ci.security
match.prod.bidr.io
pi.pardot.com
px.ads.linkedin.com
research.ci.security
rum-collector-2.pingdom.net
rum-static.pingdom.net
s.adroll.com
segments.company-target.com
snap.licdn.com
stats.g.doubleclick.net
tag.demandbase.com
trk.techtarget.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
13.224.193.108
13.225.87.69
143.204.94.108
163.171.132.119
184.51.8.183
206.19.49.24
207.38.86.153
2606:4700:10::6814:15ef
2620:1ec:21::14
2a00:1450:4001:817::2003
2a00:1450:4001:821::2004
2a00:1450:4001:824::2008
2a00:1450:4001:824::200e
2a00:1450:400c:c04::9b
2a02:26f0:10c:39e::25ea
2a05:f500:10:101::b93f:9105
34.215.96.104
34.250.196.193
35.174.150.168
52.212.22.61
52.30.34.11
063a952901506e6cbcc2abdd1995ea387e4ae9138993f5517834a75faee165d0
072c31e5770897b5bf1d6a566b33b9332bfd7e0baeb64d45dd58d02794eeb4a6
08d59945547979f3876f8a20427204b4e6b4acf78446b68abe271503dac15563
15c730c302225ad29a32a1852a683e1c02f45e4e8a018bef6c7901a51458e62d
2c0184e68a0724c2c605f312b7410d6cb658659aeee613281bee745d7761a560
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
5a55f4df74cbd026360319f0171afb69e728c975fa28490fa8b22ab32e675f62
6e3481f69cdb394f9e81ff16e2529965a2b9697d3c01270caca3e336821a5bb6
70ae136f2b7f12a76148d3504db60ede92f3bf7ada4695b579195bcf2d488414
766057672fe35fd3e1c812fed17eb185233d669cf7f82b112421db6cf96877f2
7838acd6a8bd0836972523ffbe20c9745d03b07d89968d9cc9bc57f46e567895
82b57e5e5e4903daf19425c44018b66bc8da046b7d7a6fdef65dfdd549ce3794
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e
8f7839c569e969a4efba98f64f74f1abd0ea4c6aedc9952ee249a49b907ec47c
925be107869153b6120de872c1ae333977bfaee69a0f7c6271f32d4a8348bca8
989b72a67d4bf083a4855f56371918520e71662111d831cd09bf4d783e2fe21c
a5f4d237eca5164266222ebf4eca5b7eb203f20af91d2573df5d13ca13babbc6
a629b5570d16e1450d7621907a85b07392f2959b2792145864ac84fc0dbe7307
b8e91c0d556ce8271373615322b67fef50b3e806d748e89c9b59aab289bef9d3
de2ab805d9a0d28cbc9bcb5a4adf47ba419db64e21b94330cc97eb57fe9467c7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb95dd686a73503541c1856b8c3fe4b7c7b3022051fc76ff9e5e0483087fbadf
eca19fb64be166fabab688d0cdb2ae946d3370f8124ff0f3f18119cc2d4eb825
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0b1656b12a534e627a9283b97dae4e100b7f8e5ed98a3224a04670c03fc5520
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
faf7aa5ba903daf6658fba09b30abd2bc812c6956df52df9791e9f59be86f7ed
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

research.ci.security Open in urlscan Pro 207.38.86.153 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

33 Requests

100 %HTTPS

43 %IPv6

16 Domains

23 Subdomains

16 IPs

5 Countries

614 kBTransfer

764 kBSize

2 Cookies

1 Outgoing links

Page URL History

Redirected requests

33 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

research.ci.security Open in urlscan Pro
207.38.86.153 Public Scan

Screenshot
Live screenshot

Full Image

33
Requests

100 %
HTTPS

43 %
IPv6

16
Domains

23
Subdomains

16
IPs

5
Countries

614 kB
Transfer

764 kB
Size

2
Cookies

33 HTTP transactions
0 data transactions