URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Submission: 2 December 2020 (the year is taken from the response Date headers below), manual submission from FR

Summary

This website contacted 29 IPs in 5 countries across 19 domains (31 subdomains) to perform 109 HTTP transactions, all of them over HTTPS. The main IP is 34.120.97.237, located in the United States and belonging to GOOGLE (AS15169). The main domain is www.acronis.com.
TLS certificate: *.acronis.com, issued by Go Daddy Secure Certificate Authority - G2 on 2020-02-20 and valid until 2022-02-20 (2 years). A two-year leaf certificate was still permitted at that issue date; browsers cap certificates issued on or after 1 September 2020 at 398 days, so a renewal will be shorter-lived.
This is the only time www.acronis.com was scanned on urlscan.io.

urlscan.io Verdict: No classification

Domain & IP information

Redirects  Requests  IP address         ASN (organisation)
           62        34.120.97.237      15169 (GOOGLE)
           1         2a02:26f0:6c0...   20940 (AKAMAI-ASN1)
           7         2606:4700::68...   13335 (CLOUDFLAR...)
           1         2a00:1450:400...   15169 (GOOGLE)
           1         104.17.72.206      13335 (CLOUDFLAR...)
           2         104.111.236.192    16625 (AKAMAI-AS)
           1         2606:4700:10:...   13335 (CLOUDFLAR...)
           1         2a00:1450:400...   15169 (GOOGLE)
           1         104.111.218.144    16625 (AKAMAI-AS)
           1         216.58.205.226     15169 (GOOGLE)
           2         2a02:26f0:10c...   20940 (AKAMAI-ASN1)
           1         2a03:2880:f01...   32934 (FACEBOOK)
           1         13.224.194.32      16509 (AMAZON-02)
           3         2600:9000:206...   16509 (AMAZON-02)
2          2         172.217.22.38      15169 (GOOGLE)
1          2         2a00:1450:400...   15169 (GOOGLE)
           1         69.20.59.80        27357 (RACKSPACE)
           1         192.28.147.68      15224 (OMNITURE)
           4         2600:9000:21f...   16509 (AMAZON-02)
           1         54.210.188.115     14618 (AMAZON-AES)
           1         13.224.194.4       16509 (AMAZON-02)
1          2         2a05:f500:11:...   14413 (LINKEDIN)
1          1         2620:1ec:21::14    8068 (MICROSOFT...)
           2         2a00:1450:400...   15169 (GOOGLE)
           1         13.224.194.78      16509 (AMAZON-02)
           2         2a00:1450:400...   15169 (GOOGLE)
           2         2a00:1450:400...   15169 (GOOGLE)
           1         34.251.150.2       16509 (AMAZON-02)
           4         104.16.95.80       13335 (CLOUDFLAR...)
           2         52.54.207.18       14618 (AMAZON-AES)
Total: 109 requests, 29 IP addresses (IPv6 addresses are truncated as in the report; the Redirects column matches the redirect counts in the domain table below)
Requests  Domain                                          Redirects  Requested by
62        www.acronis.com                                            www.acronis.com
7         cdn.cookielaw.org                                          www.acronis.com, cdn.cookielaw.org
4         app-sjh.marketo.com                                        promo.acronis.com, cdn.cookielaw.org
4         data.schemaapp.com                                         cdn.schemaapp.com
3         cdn.schemaapp.com                                          www.googletagmanager.com, cdn.schemaapp.com
2         0yl6pcjbij.execute-api.us-east-1.amazonaws.com             cdn.schemaapp.com
2         www.google.de                                              www.acronis.com
2         www.google.com                                             www.acronis.com
2         googleads.g.doubleclick.net                                www.googleadservices.com
2         px.ads.linkedin.com                             1          www.acronis.com
2         ad.doubleclick.net                              2          -
2         snap.licdn.com                                             www.googletagmanager.com, snap.licdn.com
2         munchkin.marketo.net                                       www.acronis.com, munchkin.marketo.net
1         in.hotjar.com                                              script.hotjar.com
1         vars.hotjar.com                                            static.hotjar.com
1         www.linkedin.com                                1          -
1         script.hotjar.com                                          static.hotjar.com
1         logx.optimizely.com                                        cdn.optimizely.com
1         929-hvv-335.mktoresp.com                                   munchkin.marketo.net
1         geoapi.acronis.com                                         www.acronis.com
1         adservice.google.de                                        www.acronis.com
1         adservice.google.com                            1          -
1         static.hotjar.com                                          www.acronis.com
1         connect.facebook.net                                       www.acronis.com
1         www.googleadservices.com                                   www.googletagmanager.com
1         a627870150.cdn.optimizely.com                              cdn.optimizely.com
1         www.googletagmanager.com                                   www.acronis.com
1         geolocation.onetrust.com                                   cdn.cookielaw.org
1         promo.acronis.com                                          www.acronis.com
1         fonts.googleapis.com                                       www.acronis.com
1         cdn.optimizely.com                                         www.acronis.com
Total: 109 requests, 31 subdomains ("-" means the report lists no requesting host; these domains were reached through redirects)
TLS certificates (the report links each row to crt.sh; links omitted here)

Subject                                 Issuer                                      Valid from   Valid to     Validity
*.acronis.com                           Go Daddy Secure Certificate Authority - G2  2020-02-20   2022-02-20   2 years
cdn.optimizely.com                      DigiCert SHA2 Secure Server CA              2020-01-20   2021-03-20   a year
cookielaw.org                           Cloudflare Inc ECC CA-3                     2020-07-01   2021-07-01   a year
upload.video.google.com                 GTS CA 1O1                                  2020-11-03   2021-01-26   3 months
promo.acronis.com                       Cloudflare Inc ECC CA-3                     2020-07-03   2021-07-03   a year
*.marketo.net                           DigiCert SHA2 Secure Server CA              2020-03-14   2021-04-13   a year
*.onetrust.com                          DigiCert SHA2 Secure Server CA              2020-05-21   2022-07-27   2 years
*.google-analytics.com                  GTS CA 1O1                                  2020-11-03   2021-01-26   3 months
*.cdn.optimizely.com                    GeoTrust RSA CA 2018                        2020-03-05   2021-06-04   a year
www.googleadservices.com                GTS CA 1O1                                  2020-11-03   2021-01-26   3 months
*.licdn.com                             DigiCert SHA2 Secure Server CA              2019-04-01   2021-05-07   2 years
*.facebook.com                          DigiCert SHA2 High Assurance Server CA      2020-11-02   2021-01-30   3 months
*.hotjar.com                            Amazon                                      2020-01-22   2021-02-22   a year
cdn.schemaapp.com                       Amazon                                      2020-01-14   2021-02-14   a year
*.google.com                            GTS CA 1O1                                  2020-11-03   2021-01-26   3 months
*.mktoresp.com                          DigiCert SHA2 Secure Server CA              2020-01-17   2022-01-21   2 years
*.schemaapp.com                         Amazon                                      2020-09-28   2021-10-29   a year
logx.optimizely.com                     Amazon                                      2020-09-21   2021-10-21   a year
px.ads.linkedin.com                     DigiCert SHA2 Secure Server CA              2020-08-05   2021-02-05   6 months
*.g.doubleclick.net                     GTS CA 1O1                                  2020-11-03   2021-01-26   3 months
www.google.com                          GTS CA 1O1                                  2020-11-03   2021-01-26   3 months
www.google.de                           GTS CA 1O1                                  2020-11-03   2021-01-26   3 months
app-sjh.marketo.com                     Cloudflare Inc ECC CA-3                     2020-07-09   2021-07-09   a year
*.execute-api.us-east-1.amazonaws.com   Amazon                                      2020-08-19   2021-09-19   a year

This page contains 4 frames:

Primary Page: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Frame ID: 6C8ED642D73734E11382E87F630A03E0
Requests: 107 HTTP requests in this frame

Frame: https://a627870150.cdn.optimizely.com/client_storage/a627870150.html
Frame ID: 20D7076BD6CE057EB0A880B4E8A377CA
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: A7DF65FDF078BE9BDE452803F07DFB24
Requests: 1 HTTP requests in this frame

Frame: https://app-sjh.marketo.com/index.php/form/XDFrame
Frame ID: ABB38384B34BDAB1B76326C5F6560187
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Eight detections, each at 100 % confidence. The technology names are not preserved in the report text; the matching patterns are:
  • meta generator /^Drupal(?:\s([\d.]+))?/i together with headers expires /19 Nov 1978/i (this pair is listed twice)
  • headers server /nginx(?:\/([\d.]+))?/i
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
  • headers via /^1\.1 google$/i
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
  • script /optimizely\.com.*\.js/i

Page Statistics

109 requests; 100 % HTTPS; 50 % IPv6; 19 domains; 31 subdomains; 29 IPs; 5 countries; 7694 kB transferred; 10312 kB total size; 11 cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 75
  • https://ad.doubleclick.net/activity;src=4763301;type=counter;cat=acron0;ord=7691418143075;gtm=2wgb41;auiddc=242232518.1606944161 HTTP 302
  • https://ad.doubleclick.net/activity;dc_pre=CNahl7-dsO0CFcSGGAodqokP9Q;src=4763301;type=counter;cat=acron0;ord=7691418143075;gtm=2wgb41;auiddc=242232518.1606944161 HTTP 302
  • https://adservice.google.com/ddm/fls/p/dc_pre=CNahl7-dsO0CFcSGGAodqokP9Q;src=4763301;type=counter;cat=acron0;ord=7691418143075;gtm=2wgb41;auiddc=242232518.1606944161;~oref=https://www.acronis.com/en-us/articles/sodinokibi-ransomware/ HTTP 302
  • https://adservice.google.de/ddm/fls/p/dc_pre=CNahl7-dsO0CFcSGGAodqokP9Q;src=4763301;type=counter;cat=acron0;ord=7691418143075;gtm=2wgb41;auiddc=242232518.1606944161;~oref=https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Request Chain 90
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=54926&time=1606944161531&url=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D54926%26time%3D1606944161531%26url%3Dhttps%253A%252F%252Fwww.acronis.com%252Fen-us%252Farticles%252Fsodinokibi-ransomware%252F%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=54926&time=1606944161531&url=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F&liSync=true
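Both chains above are cookie-sync round-trips: chain 75 mints a dc_pre token on the second DoubleClick hop and carries it, together with the page URL in ~oref, to adservice.google.com and then adservice.google.de; chain 90 bounces through www.linkedin.com and comes back with liSync=true. The Python below, added here as an example and not part of the urlscan report, parses chains in the form the report prints them, counts cross-site hops, and lists every hop whose parameters carry the scanned page URL (including the double-encoded copy inside LinkedIn's redirect= parameter). The chain text is copied from the report; the function and variable names are this example's own. The eTLD+1 approximation in site_of is adequate for the .com/.net/.de hosts here; use the Public Suffix List for general input.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

PAGE_URL = "https://www.acronis.com/en-us/articles/sodinokibi-ransomware/"

# The two chains as the report's "Redirected requests" section lists them
# (copied from the report; a trailing "HTTP 302" marks a redirect response).
CHAIN_75 = """\
https://ad.doubleclick.net/activity;src=4763301;type=counter;cat=acron0;ord=7691418143075;gtm=2wgb41;auiddc=242232518.1606944161 HTTP 302
https://ad.doubleclick.net/activity;dc_pre=CNahl7-dsO0CFcSGGAodqokP9Q;src=4763301;type=counter;cat=acron0;ord=7691418143075;gtm=2wgb41;auiddc=242232518.1606944161 HTTP 302
https://adservice.google.com/ddm/fls/p/dc_pre=CNahl7-dsO0CFcSGGAodqokP9Q;src=4763301;type=counter;cat=acron0;ord=7691418143075;gtm=2wgb41;auiddc=242232518.1606944161;~oref=https://www.acronis.com/en-us/articles/sodinokibi-ransomware/ HTTP 302
https://adservice.google.de/ddm/fls/p/dc_pre=CNahl7-dsO0CFcSGGAodqokP9Q;src=4763301;type=counter;cat=acron0;ord=7691418143075;gtm=2wgb41;auiddc=242232518.1606944161;~oref=https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
"""

CHAIN_90 = """\
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=54926&time=1606944161531&url=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D54926%26time%3D1606944161531%26url%3Dhttps%253A%252F%252Fwww.acronis.com%252Fen-us%252Farticles%252Fsodinokibi-ransomware%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=54926&time=1606944161531&url=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F&liSync=true
"""

# One hop per line, optional list bullet, optional trailing "HTTP <status>".
HOP_RE = re.compile(r"^(?:[*\u2022-]\s*)?(\S+)(?:\s+HTTP\s+(\d{3}))?$")

# Parameter names seen in the chains that mark the sync itself:
# dc_pre appears on the second DoubleClick hop and travels to the Google
# adservice hosts; liSync=true appears after the trip through www.linkedin.com.
SYNC_KEYS = {"dc_pre", "liSync"}


def parse_chain(text):
    """Return [(url, status_or_None), ...] in hop order."""
    hops = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HOP_RE.match(line)
        if not m:
            raise ValueError("unrecognised hop line: " + line)
        url, status = m.group(1), m.group(2)
        hops.append((url, int(status) if status else None))
    return hops


def site_of(host):
    """eTLD+1 approximation (last two labels): fine for .com/.net/.de."""
    return ".".join(host.lower().split(".")[-2:])


def params_of(url):
    """Collect query parameters and matrix-style ';key=value' path parameters.
    DoubleClick also puts 'key=value' in the last path segment itself."""
    parts = urlsplit(url)
    params = {}
    segs = parts.path.split(";")
    tail = segs[0].rsplit("/", 1)[-1]
    for seg in ([tail] if "=" in tail else []) + segs[1:]:
        key, sep, val = seg.partition("=")
        if sep:
            params[key] = unquote(val)
    for key, vals in parse_qs(parts.query).items():
        params[key] = vals[-1]
    return params


def analyze_chain(text, page_url=PAGE_URL):
    hops = parse_chain(text)
    hosts = [urlsplit(u).hostname for u, _ in hops]
    cross_site = sum(1 for a, b in zip(hosts, hosts[1:]) if site_of(a) != site_of(b))
    carried, sync = [], []
    for i, (url, _) in enumerate(hops):
        for key, val in params_of(url).items():
            # unquote once more so a double-encoded copy (LinkedIn's redirect=) is caught
            if page_url in unquote(val):
                carried.append((i, hosts[i], key))
            if key in SYNC_KEYS:
                sync.append((i, key, val))
    return {
        "hops": len(hops),
        "hosts": hosts,
        "cross_site_hops": cross_site,
        "page_url_carried_in": carried,
        "sync_markers": sync,
    }


if __name__ == "__main__":
    for name, chain in (("75", CHAIN_75), ("90", CHAIN_90)):
        print(name, analyze_chain(chain))
```

Run against the two chains, chain 75 shows two cross-site hops (doubleclick.net to google.com to google.de) with the page URL carried in ~oref on both Google hops, and chain 90 stays within linkedin.com but carries the page URL on every hop. That is the privacy-relevant fact for a third-party-script review: every ad and sync endpoint in the chain learns exactly which article was read, independently of any Referrer-Policy on the page.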

109 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.acronis.com/en-us/articles/sodinokibi-ransomware/
184 KB
27 KB
Document
General
Full URL
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
9237fb18f25cbee5ec1de3e8cf442e88c6fc00330ec67b0cb42ed54b8b86ffe4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
No Content-Security-Policy, X-Frame-Options or Referrer-Policy header appears in the response headers below; the document's only framing and injection controls are therefore the two above. Note also that HSTS is sent once on this document response but twice (comma-folded) on the static assets served from the same host further down.

Request headers

:method
GET
:authority
www.acronis.com
:scheme
https
:path
/en-us/articles/sodinokibi-ransomware/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

server
nginx
date
Wed, 02 Dec 2020 21:22:40 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-ua-compatible
IE=edge
content-language
en-us
x-content-type-options
nosniff
expires
Sun, 19 Nov 1978 05:00:00 GMT
last-modified
Tue, 01 Dec 2020 18:13:48 GMT
etag
W/"1606846428"
x-generator
Drupal 8 (https://www.drupal.org)
content-encoding
gzip
x-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 google
content-length
27601
cache-control
max-age=3600, public
age
0
alt-svc
clear
627870150.js
cdn.optimizely.com/js/
365 KB
113 KB
Script
General
Full URL
https://cdn.optimizely.com/js/627870150.js
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2a02:26f0:6c00:284::13b8 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AmazonS3 /
Resource Hash
48040206065809b723e0d8a9c050210f231e8d6ed1c95e84d970f6204e73919c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
zWlbC0ak2BREVdoTQqyPXSQZo8ZZMu10
content-encoding
gzip
etag
"29298bf12ef2cafe9aa973374cf3909f"
x-amz-request-id
E0E1AD28482084CC
x-amz-server-side-encryption
AES256
x-amz-meta-revision
4852
x-amz-replication-status
PENDING
access-control-allow-methods
GET, HEAD
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="5";dur=0,cdnip;desc="2a02:26f0:6c00:284::13b8";dur=0,cdnmap;desc="";dur=0,proto;desc="h2";dur=0
vary
Accept-Encoding
content-length
114872
x-amz-id-2
JMmJr4GVvkO7shhkDqxof7xVFad6BPrf+ZDH/Xvj2NkQrLS7a5x0yciQxj75F8fy7+23Eq3djqg=
last-modified
Tue, 24 Nov 2020 15:41:19 GMT
server
AmazonS3
date
Wed, 02 Dec 2020 21:22:40 GMT
access-control-max-age
86400
strict-transport-security
max-age=15768000
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-revision
cache-control
max-age=120
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
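The report records a SHA-256 "Resource Hash" for every fetched body, and the third-party script hosts answer with access-control-allow-origin: * (cdn.optimizely.com above, cdn.cookielaw.org next), which is the CORS condition a cross-origin <script integrity="..."> needs. The Python below, added here as an example and not code from the report or from Acronis, Optimizely or OneTrust, turns those hex hashes into the base64 form the integrity attribute uses, emits the tag, and checks a downloaded body against the pin the way the browser would. The sample body is constructed and deliberately does not match, which is the fail-closed case a build should hit when a CDN bundle changes. Caveat the report itself supports: cdn.optimizely.com serves the bundle with cache-control: max-age=120 and an x-amz-meta-revision counter, so a pinned hash breaks as soon as the vendor ships a new revision; SRI on such scripts only works with a build step that re-fetches and re-pins (or by self-hosting the bundle).

```python
import base64
import hashlib

# SHA-256 "Resource Hash" values as printed in the report for two
# cross-origin scripts (hex, the way urlscan shows them).
REPORT_HASHES = {
    "https://cdn.optimizely.com/js/627870150.js":
        "48040206065809b723e0d8a9c050210f231e8d6ed1c95e84d970f6204e73919c",
    "https://cdn.cookielaw.org/scripttemplates/otSDKStub.js":
        "9d0d33ff3cbe6054d46a549c75a09323fc711113b82fde575003df837cb9f4e0",
}


def sha256_hex(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()


def integrity_from_hex(hex_digest: str, algo: str = "sha256") -> str:
    """Convert a hex SHA-256 digest into the '<algo>-<base64>' integrity form."""
    raw = bytes.fromhex(hex_digest)
    if len(raw) != 32:
        raise ValueError("sha256 digest must be 32 bytes")
    return f"{algo}-{base64.b64encode(raw).decode('ascii')}"


def script_tag(src: str, hex_digest: str) -> str:
    """The <script> element with SRI plus the CORS mode cross-origin SRI requires."""
    return (f'<script src="{src}" integrity="{integrity_from_hex(hex_digest)}" '
            f'crossorigin="anonymous"></script>')


def verify_body(body: bytes, hex_digest: str) -> bool:
    """What the browser does before executing: compare fetched bytes to the pin."""
    return hashlib.sha256(body).digest() == bytes.fromhex(hex_digest)


def pin_all(fetched: dict) -> dict:
    """fetched maps URL -> body bytes from a download step.
    Returns URL -> (matches_report_hash, tag_to_emit) so a build can fail
    closed when a CDN body no longer matches the hash recorded at audit time."""
    out = {}
    for url, expected in REPORT_HASHES.items():
        body = fetched.get(url)
        ok = body is not None and verify_body(body, expected)
        out[url] = (ok, script_tag(url, expected))
    return out


if __name__ == "__main__":
    # Constructed sample body (the real 365 KB bundle is not reproduced here);
    # its hash will not match the report's, which is the fail-closed case.
    sample = {"https://cdn.optimizely.com/js/627870150.js": b"window.optimizely = [];"}
    for url, (ok, tag) in pin_all(sample).items():
        print("MATCH" if ok else "MISMATCH", url)
        print("  ", tag)
```

A pin that fails should stop the deploy, not be silently refreshed, since "the CDN changed the file" and "the CDN was tampered with" look identical from the integrity check alone; the decision to re-pin belongs to a person who has diffed the new bundle.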
OtAutoBlock.js
cdn.cookielaw.org/consent/c570eb43-1169-4222-914c-38a09bd70ca0/
9 KB
3 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/c570eb43-1169-4222-914c-38a09bd70ca0/OtAutoBlock.js
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
423de53ddb52b5a2d45d5a4b1f5cd1dda77a8c414cd61ba95259c62228055688
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
IP2wUAgrgDBUwgzH/qZJ2w==
age
472
vary
Accept-Encoding
content-length
2492
cf-request-id
06c6ef121800002fa5d6ac7000000001
x-ms-lease-status
unlocked
last-modified
Mon, 14 Sep 2020 09:14:15 GMT
server
cloudflare
etag
0x8D8588E8D799D7A
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f0d89765-a01e-0097-8079-b2bb2f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5fb81ac9be5d2fa5-FRA
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
13 KB
4 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d0d33ff3cbe6054d46a549c75a09323fc711113b82fde575003df837cb9f4e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
jYDzNb7TDeiVgZ0wAySJVQ==
age
5151
vary
Accept-Encoding
content-length
4134
cf-request-id
06c6ef121800002fa5252c0000000001
x-ms-lease-status
unlocked
last-modified
Mon, 30 Nov 2020 20:27:45 GMT
server
cloudflare
etag
0x8D8956E6599EB64
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
9edb8fc2-201e-016c-2b63-c73560000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5fb81ac9be612fa5-FRA
css_Aj2pQ6HhPrIKco6rRovbAUQYI_-_VD7Ksyfg6wPWBq0.css
www.acronis.com/sites/default/files/css/
6 KB
1 KB
Stylesheet
General
Full URL
https://www.acronis.com/sites/default/files/css/css_Aj2pQ6HhPrIKco6rRovbAUQYI_-_VD7Ksyfg6wPWBq0.css?qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
023da943a1e13eb20a728eab468bdb01441823ffbf543ecab327e0eb03d606ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block
The comma-joined value is two identical Strict-Transport-Security headers folded into one field, so for static assets the policy is evidently added at two points in the response path (the document response above carries it once). RFC 6797 section 8.1 has the browser process only the first instance, so the effective policy is unchanged. X-XSS-Protection is a legacy header that current Chromium-based browsers ignore and Firefox never implemented.

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Fri, 06 Nov 2020 12:48:12 GMT
server
nginx
etag
"5fa5460c-540"
vary
Accept-Encoding
content-type
text/css
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
content-length
1344
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:24 GMT
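The document response (first transaction) carries HSTS once and nosniff but no CSP or X-Frame-Options, while this stylesheet response carries HSTS twice and no nosniff. The following Python is an audit routine added here as an example (not part of the urlscan report or of Acronis' site); it reads headers in the alternating name/value layout the report prints, splits comma-folded HSTS values into their individual instances, and reports the findings a reviewer would raise. The two header sets are copied from the report above (security-relevant headers only); the function names are this example's own.

```python
from typing import Dict, List, Tuple

# Headers copied from the two responses shown in the report, in the
# "name\nvalue" layout the report uses (security-relevant ones only).
PRIMARY_DOCUMENT_HEADERS = """\
server
nginx
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 google
cache-control
max-age=3600, public
"""

STYLESHEET_HEADERS = """\
server
nginx
content-type
text/css
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
"""

ONE_YEAR = 31536000


def parse_report_headers(text: str) -> List[Tuple[str, str]]:
    """Turn alternating name/value lines into (name, value) pairs.
    Names are lower-cased; order is kept so duplicates stay visible."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("odd number of lines: a header name without a value")
    return [(lines[i].lower(), lines[i + 1]) for i in range(0, len(lines), 2)]


def split_hsts_directives(value: str) -> List[Dict[str, str]]:
    """Split a (possibly comma-folded) HSTS value into one dict per instance.
    A comma separates folded header instances (RFC 7230 field combining);
    RFC 6797 section 8.1 says the UA processes only the first one.
    HSTS directives carry no quoted strings, so splitting on ',' is safe here."""
    policies = []
    for instance in value.split(","):
        directives: Dict[str, str] = {}
        for directive in instance.split(";"):
            directive = directive.strip()
            if directive:
                name, _, val = directive.partition("=")
                directives[name.strip().lower()] = val.strip()
        policies.append(directives)
    return policies


def audit_headers(text: str) -> Dict[str, object]:
    """Return the HSTS instance count and a list of human-readable findings."""
    headers = parse_report_headers(text)
    names = [n for n, _ in headers]
    findings: List[str] = []

    hsts_policies: List[Dict[str, str]] = []
    for name, value in headers:
        if name == "strict-transport-security":
            hsts_policies.extend(split_hsts_directives(value))
    if not hsts_policies:
        findings.append("no Strict-Transport-Security header")
    else:
        if len(hsts_policies) > 1:
            findings.append("HSTS sent %d times; UA honours only the first" % len(hsts_policies))
        first = hsts_policies[0]            # the instance the browser will use
        max_age = int(first.get("max-age") or 0)
        if max_age < ONE_YEAR:
            findings.append("HSTS max-age below one year (%d)" % max_age)
        if "includesubdomains" not in first:
            findings.append("HSTS without includeSubDomains")

    for required in ("content-security-policy", "x-frame-options", "referrer-policy"):
        if required not in names:
            findings.append("missing " + required)
    if dict(headers).get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    return {"hsts_instances": len(hsts_policies), "findings": findings}


if __name__ == "__main__":
    for label, text in (("document", PRIMARY_DOCUMENT_HEADERS), ("stylesheet", STYLESHEET_HEADERS)):
        print(label, audit_headers(text))
```

The same routine applied to the Optimizely script response above would report its HSTS max-age=15768000 as below one year and without includeSubDomains, which is the sort of inconsistency across a site's third-party origins that is easy to miss when reading transaction by transaction.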
build.css
www.acronis.com/themes/custom/sun_slice/_dist/vendor_libs/
28 KB
6 KB
Stylesheet
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/vendor_libs/build.css?qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
ad7dabcb0743de3053b3e137c361f39f3189ba2ed313cbf1eab1db3518a54bab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
W/"5fc6376f-71da"
vary
Accept-Encoding
content-type
text/css
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
build.css
www.acronis.com/themes/custom/sun_slice/_dist/common/
16 KB
4 KB
Stylesheet
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/common/build.css?qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
87e8792f457ebb63bab65ef7b162cd7c5adc13724019bcce32c25cb0d16d2782
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
W/"5fc6376f-4174"
vary
Accept-Encoding
content-type
text/css
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
iconfont.css
www.acronis.com/themes/custom/sun_slice/_dist/font_icons/
2 KB
660 B
Stylesheet
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/font_icons/iconfont.css?qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
7590d5728c261f6f1947346b616a5964509bdd255b1886175192e980405acd5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Tue, 01 Dec 2020 12:28:42 GMT
server
nginx
etag
W/"5fc636fa-829"
vary
Accept-Encoding
content-type
text/css
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
css
fonts.googleapis.com/
8 KB
836 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&amp;subset=latin,cyrillic-ext,cyrillic,latin-ext
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c79f45aa72da8267dd5abcffe78bfd8fbc9add544bbccf6db01d5b6f54e1c7d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 02 Dec 2020 19:23:34 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
date
Wed, 02 Dec 2020 21:22:40 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Wed, 02 Dec 2020 21:22:40 GMT
build.css
www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/
63 KB
18 KB
Stylesheet
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/build.css?qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
98334c30dc64e87f1600516ec344b77d2cb63fd005da6cda7d4bde2db9135538
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
W/"5fc6376f-fd1a"
x-frame-options
SAMEORIGIN
content-type
text/css
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:24 GMT
js_3fQ5DzkZhDswH6RoHI5W65doyW7zFMX8cb0EdnWbsDs.js
www.acronis.com/sites/default/files/js/
122 KB
42 KB
Script
General
Full URL
https://www.acronis.com/sites/default/files/js/js_3fQ5DzkZhDswH6RoHI5W65doyW7zFMX8cb0EdnWbsDs.js
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
ddf4390f3919843b301fa4681c8e56eb9768c96ef314c5fc71bd0476759bb03b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Wed, 25 Nov 2020 14:31:06 GMT
server
nginx
etag
"5fbe6aaa-a621"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
content-length
42529
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
metro_analytics.js
www.acronis.com/en-us/js/analytics/
13 KB
4 KB
Script
General
Full URL
https://www.acronis.com/en-us/js/analytics/metro_analytics.js?bv=qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
6f74a330707b772d4e73a242ca207d3368ca42fede4174bbf482d430070cff5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Thu, 24 Sep 2020 11:16:52 GMT
server
nginx
etag
W/"5f6c8024-3328"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 google
alt-svc
clear
x-xss-protection
1; mode=block
js_DcRX6g7V2aNQh_53THrLEZQ_4TTkTltfSqSJWwgN8Z8.js
www.acronis.com/sites/default/files/js/
2 KB
917 B
Script
General
Full URL
https://www.acronis.com/sites/default/files/js/js_DcRX6g7V2aNQh_53THrLEZQ_4TTkTltfSqSJWwgN8Z8.js
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
0dc457ea0ed5d9a35087fe774c7acb11943fe134e44e5b5f4aa4895b080df19f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Wed, 25 Nov 2020 09:36:54 GMT
server
nginx
etag
"5fbe25b6-2df"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
content-length
735
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:24 GMT
forms2.js
promo.acronis.com/js/forms2/js/
563 KB
159 KB
Script
General
Full URL
https://promo.acronis.com/js/forms2/js/forms2.js?bv=qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.72.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a4245b2e5b04de2dc4a0870c3bb634081645a373180ded57ab36c11792111f3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
last-modified
Mon, 12 Oct 2020 17:13:35 GMT
server
cloudflare
etag
"480890-8cb83-5b17c6b21edc0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
cf-ray
5fb81acaadff1d1e-CPH
cf-request-id
06c6ef12aa00001d1ed6a38000000001
js_RTUcorzKOmH3GV3KglbTkZSX2xFfPkBQM651D71DE1c.js
www.acronis.com/sites/default/files/js/
340 B
282 B
Script
General
Full URL
https://www.acronis.com/sites/default/files/js/js_RTUcorzKOmH3GV3KglbTkZSX2xFfPkBQM651D71DE1c.js
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
45351ca2bcca3a61f7195dca8256d3919497db115f3e405033ae750fbd431357
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Wed, 25 Nov 2020 09:36:54 GMT
server
nginx
etag
"5fbe25b6-c7"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
content-length
199
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:24 GMT
acronis_backup_12_0.png
www.acronis.com/sites/default/files/cta_blocks/
17 KB
17 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/cta_blocks/acronis_backup_12_0.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
289cc9d685133505be87d909057b35ae196c82cd3f01dbf7917faa8b0013a110
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Tue, 14 Aug 2018 10:58:14 GMT
server
nginx
etag
"5b72b5c6-43bb"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
17339
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
sod.png
www.acronis.com/sites/default/files/inline_images/
214 KB
215 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/sod.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
9a945892c30069e0f3e670ca27025fb18f1900ea029ed6212a541fd256ea6d06
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Wed, 03 Jul 2019 08:26:16 GMT
server
nginx
etag
"5d1c66a8-359ef"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
219631
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
fig02.png
www.acronis.com/sites/default/files/inline_images/
137 KB
138 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/fig02.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
ad0ec55f333283ee17c21b9578442e6bc61094c17c30fcd45eba8a05e86eb274
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Wed, 03 Jul 2019 08:30:03 GMT
server
nginx
etag
"5d1c678b-22544"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
140612
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
fig01.png
www.acronis.com/sites/default/files/inline_images/
438 KB
438 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/fig01.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
586d3d8ff27abf274d3e20decac3d0120f809c014cc688f43839ed841fc332df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Wed, 03 Jul 2019 08:28:21 GMT
server
nginx
etag
"5d1c6725-6d728"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
448296
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
fig02-1.png
www.acronis.com/sites/default/files/inline_images/
141 KB
142 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/fig02-1.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
52bbc935dcaf76771f7b143b743cc2fff28b344eb76f697832b56feba015ee0c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Wed, 03 Jul 2019 10:56:07 GMT
server
nginx
etag
"5d1c89c7-2355e"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
144734
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
Fig03.png
www.acronis.com/sites/default/files/inline_images/
167 KB
167 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/Fig03.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
f7f5d9ee8b4bbcd310b778a50a3b731a3673dddd267b2b74c707bffe7aa16d41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Wed, 03 Jul 2019 15:47:08 GMT
server
nginx
etag
"5d1ccdfc-29a1c"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
170524
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
Fig04.png
www.acronis.com/sites/default/files/inline_images/
237 KB
238 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/Fig04.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
779ad2add09f360ecc3615328fafb38b351a3bc5fd0238728201de709a7b1ccb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Wed, 03 Jul 2019 15:50:38 GMT
server
nginx
etag
"5d1ccece-3b4ed"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
242925
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
Fig05.png
www.acronis.com/sites/default/files/inline_images/
24 KB
24 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/Fig05.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
3afb48630b3217015db47ce9246b6876a93b8674bab8397a38beee03ff51e26f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Wed, 03 Jul 2019 16:38:49 GMT
server
nginx
etag
"5d1cda19-606e"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
24686
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
Fig06.png
www.acronis.com/sites/default/files/inline_images/
51 KB
51 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/Fig06.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
450b3b21b9597e8d366458c706c45c8c851fccf83400333aba6d06aba95a4275
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Wed, 03 Jul 2019 18:01:32 GMT
server
nginx
etag
"5d1ced7c-cbe8"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
52200
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
Fig07.png
www.acronis.com/sites/default/files/inline_images/
74 KB
74 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/Fig07.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
d908f775bc650986b53800676bea73928d303f7beef3c7e5c5756553ea4cd279
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Wed, 03 Jul 2019 18:09:54 GMT
server
nginx
etag
"5d1cef72-12733"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
75571
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
Fig08.png
www.acronis.com/sites/default/files/inline_images/
346 KB
347 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/Fig08.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e9406126b58566d7dac6f08a6faf0846d054a61ea45a4585ff988fe898ea2c83
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Wed, 03 Jul 2019 18:14:55 GMT
server
nginx
etag
"5d1cf09f-5674e"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
354126
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
Fig09.png
www.acronis.com/sites/default/files/inline_images/
266 KB
267 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/Fig09.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e76027553f07b5a85829df4ea260a34213545288948893674a62182ed36ff295
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Wed, 03 Jul 2019 18:54:55 GMT
server
nginx
etag
"5d1cf9ff-4281d"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
272413
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
Fig10.png
www.acronis.com/sites/default/files/inline_images/
181 KB
181 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/Fig10.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
34c0d99f49fb1d3d6b8db4af054f2701503b561c1b7361de5257a0fe5d9eeb99
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Wed, 03 Jul 2019 19:13:28 GMT
server
nginx
etag
"5d1cfe58-2d32c"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
185132
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
sodinokibi-11.png
www.acronis.com/sites/default/files/inline_images/
254 KB
255 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/sodinokibi-11.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
a673e0d372c53a44997b24f1864357578181bd10dd6dc1a421e975d3f5bef4b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Mon, 15 Jul 2019 16:25:18 GMT
server
nginx
etag
"5d2ca8ee-3f847"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
260167
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
sodinokibi-12.png
www.acronis.com/sites/default/files/inline_images/
141 KB
142 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/sodinokibi-12.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e4e875e2f97b06444c312369734f5676b387d8cea1240d65127e93585b1eba0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Mon, 15 Jul 2019 16:27:48 GMT
server
nginx
etag
"5d2ca984-234ca"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
144586
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
sodinokibi-13.png
www.acronis.com/sites/default/files/inline_images/
187 KB
188 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/sodinokibi-13.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
8691ccf42c10f3c66933e952648641de3b9fcdd0cf1e68a567cd3184ca5c3712
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Mon, 15 Jul 2019 16:29:53 GMT
server
nginx
etag
"5d2caa01-2ed27"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
191783
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
sodinokibi-14.png
www.acronis.com/sites/default/files/inline_images/
113 KB
113 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/sodinokibi-14.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
36a74e9a072e00629e4270fb5abe4c47155cd97d8b2d61ea02be480381c5988f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Mon, 15 Jul 2019 16:31:37 GMT
server
nginx
etag
"5d2caa69-1c457"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
115799
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
Fig15.png
www.acronis.com/sites/default/files/inline_images/
328 KB
329 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/Fig15.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
0eeeaf8d98469863e42b400c052fe28d729fcc73197d6a7b451a035fead26351
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Wed, 03 Jul 2019 19:49:34 GMT
server
nginx
etag
"5d1d06ce-5202d"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
335917
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
Fig16.png
www.acronis.com/sites/default/files/inline_images/
212 KB
213 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/Fig16.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
bed1f982188ae10d946b60e603ef7d20c8547c1da8ef13b0815ae8386a2df635
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Thu, 04 Jul 2019 06:59:42 GMT
server
nginx
etag
"5d1da3de-351f3"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
217587
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
Fig17.png
www.acronis.com/sites/default/files/inline_images/
483 KB
483 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/Fig17.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e22a881c1af7f1f78124dd7948f5ef6675bd177eae76853fd16b1c0e803a2382
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Thu, 04 Jul 2019 07:02:46 GMT
server
nginx
etag
"5d1da496-78a14"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
494100
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
Fig18.png
www.acronis.com/sites/default/files/inline_images/
143 KB
143 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/Fig18.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
4267dea72a0c69575594fb0f90a8d967b618ce5b92fe7ae7072880bb2612ad46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Thu, 04 Jul 2019 07:07:30 GMT
server
nginx
etag
"5d1da5b2-23aed"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
146157
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
code.png
www.acronis.com/sites/default/files/inline_images/
20 KB
20 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/code.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
717f45945b11000cc9891a701635b77cee8f54f083fcf694f3737152d2594911
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Thu, 04 Jul 2019 08:53:18 GMT
server
nginx
etag
"5d1dbe7e-50c0"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
20672
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
Fig19.png
www.acronis.com/sites/default/files/inline_images/
394 KB
395 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/Fig19.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
594625a9541d5c173456c0348b2bc357183eea3000f7b2f593ef9baab4f53b09
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Thu, 04 Jul 2019 08:04:25 GMT
server
nginx
etag
"5d1db309-629e7"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
403943
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
Fig20.png
www.acronis.com/sites/default/files/inline_images/
748 KB
750 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/Fig20.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
159c420ea0927167f37716d4136ab1ca6e1e1b72e3827aa7f3251d8835889c39
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Thu, 04 Jul 2019 08:07:39 GMT
server
nginx
etag
"5d1db3cb-bb1d0"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
766416
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
Fig21.png
www.acronis.com/sites/default/files/inline_images/
135 KB
135 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/Fig21.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
9d4bb34d313fb689d5f8abe4bceaf7dceb7aa12b019af89ebdd131a6d3c6a857
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:41 GMT
via
1.1 google
last-modified
Thu, 04 Jul 2019 08:16:56 GMT
server
nginx
etag
"5d1db5f8-21ac6"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
137926
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:26 GMT
sodinokibi_22.png
www.acronis.com/sites/default/files/inline_images/
129 KB
129 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/sodinokibi_22.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
1a9025fb8d2a7e073c1b7a62143ce614d635d7febef6f0d7c2f53d31500fffeb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Tue, 16 Jul 2019 17:03:11 GMT
server
nginx
etag
"5d2e034f-203bb"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
132027
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
sodinokini_23.png
www.acronis.com/sites/default/files/inline_images/
100 KB
101 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/inline_images/sodinokini_23.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
57fa243abb125e4255190477f7e20d56fe2943b786d923b3fc58d77bda6f0e20
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Tue, 16 Jul 2019 17:08:15 GMT
server
nginx
etag
"5d2e047f-1911e"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
102686
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
js_ZF5ADJrVHHGJ6gVVajLLqbMkYtTpPqe368XeKgm4iSo.js
www.acronis.com/sites/default/files/js/
47 KB
14 KB
Script
General
Full URL
https://www.acronis.com/sites/default/files/js/js_ZF5ADJrVHHGJ6gVVajLLqbMkYtTpPqe368XeKgm4iSo.js
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
645e400c9ad51c7189ea05556a32cba9b32462d4e93ea7b7ebc5de2a09b8892a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Thu, 26 Nov 2020 15:19:19 GMT
server
nginx
etag
"5fbfc777-3775"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
content-length
14197
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
asm-d7-d8.js
www.acronis.com/en-us/js/crosssys/
18 KB
6 KB
Script
General
Full URL
https://www.acronis.com/en-us/js/crosssys/asm-d7-d8.js?bv=qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
532b5cab4652d3becb399246829cff8b5886ab5d61cd17211defda3d5bd92046
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Thu, 26 Nov 2020 14:22:37 GMT
server
nginx
etag
W/"5fbfba2d-4738"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
application/javascript
via
1.1 google
alt-svc
clear
x-xss-protection
1; mode=block
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js?bv=qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.236.192 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-236-192.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 02 Dec 2020 21:22:40 GMT
Content-Encoding
gzip
Last-Modified
Wed, 05 Aug 2020 03:11:00 GMT
Server
AkamaiNetStorage
ETag
"a67ed8ce0a86706b9f73a86806ce5bd3:1596597060.25158"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
752
js_RCQSyA-aRQ5RAnPRyLr_w4ZxCmi7-30EbNBwfoNDP5E.js
www.acronis.com/sites/default/files/js/
160 B
250 B
Script
General
Full URL
https://www.acronis.com/sites/default/files/js/js_RCQSyA-aRQ5RAnPRyLr_w4ZxCmi7-30EbNBwfoNDP5E.js
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
442412c80f9a450e510273d1c8baffc386710a68bbfb7d046cd0707e83433f91
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Wed, 11 Nov 2020 21:38:09 GMT
server
nginx
etag
"5fac59c1-90"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
content-length
144
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
build.js
www.acronis.com/themes/custom/sun_slice/_dist/common/
367 KB
63 KB
Script
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/common/build.js?qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
bc94efcfd6c5ddbf10e95f4755ad417beddd848829224bebf593030a1fa65ac6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
W/"5fc6376f-5bc06"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
build.js
www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/
457 KB
111 KB
Script
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/build.js?qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
94defc6c512d6254028dec825fb0e4f26901981ff84bbca852c744ecbe18727f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
W/"5fc6376f-725be"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
build.js
www.acronis.com/themes/custom/sun_slice/_dist/slices/reused/slice-article-body/
4 KB
1 KB
Script
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/slices/reused/slice-article-body/build.js?qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
3137083b818f881c81c044a69f82c0e90404cb5c8e368cd8ca35517701f84a7c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
W/"5fc6376f-1017"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
js_N9ZkFIIETWxoBCSllWc4bIS7W7OPbSdJzMqfIzAVuAs.js
www.acronis.com/sites/default/files/js/
870 B
454 B
Script
General
Full URL
https://www.acronis.com/sites/default/files/js/js_N9ZkFIIETWxoBCSllWc4bIS7W7OPbSdJzMqfIzAVuAs.js
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
37d6641482044d6c680424a59567386c84bb5bb38f6d2749ccca9f233015b80b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Thu, 12 Nov 2020 11:26:23 GMT
server
nginx
etag
"5fad1bdf-152"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
content-length
338
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
build.js
www.acronis.com/themes/custom/sun_slice/_dist/slices/reused/slice-article-header/
2 KB
634 B
Script
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/slices/reused/slice-article-header/build.js?qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
32d3728532d1a3705f96169e197becdb8f71ba2559dbb25193a2074c697218d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
W/"5fc6376f-822"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
c570eb43-1169-4222-914c-38a09bd70ca0.json
cdn.cookielaw.org/consent/c570eb43-1169-4222-914c-38a09bd70ca0/
3 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/c570eb43-1169-4222-914c-38a09bd70ca0/c570eb43-1169-4222-914c-38a09bd70ca0.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
418306128be4170c829d1b8e461be02a91344115845abaf8e8c45dd7409ce11b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
z//2KPqLklCbWbl+G+gOhw==
age
646
vary
Accept-Encoding
content-length
1292
cf-request-id
06c6ef12c80000178efd885000000001
x-ms-lease-status
unlocked
last-modified
Mon, 14 Sep 2020 09:14:15 GMT
server
cloudflare
etag
0x8D8588E8DB26B16
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
839a758e-801e-006e-2590-b171cf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5fb81acadff6178e-FRA
build.css
www.acronis.com/themes/custom/sun_slice/_dist/slices/reused/slice-article-cta/
2 KB
709 B
Stylesheet
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/slices/reused/slice-article-cta/build.css?qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
ff99762ffbd0263fbb63faebced748d563075463b65b945bb5af76b6ee0ea01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
W/"5fc6376f-8be"
vary
Accept-Encoding
content-type
text/css
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
build.css
www.acronis.com/themes/custom/sun_slice/_dist/slices/reused/slice-article-related-articles/
1 KB
609 B
Stylesheet
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/slices/reused/slice-article-related-articles/build.css?qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
eafc7665fb2f86569470bad0dbfe300d4d77cfee5eb90ec9612c31246c633e7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
W/"5fc6376f-5e6"
vary
Accept-Encoding
content-type
text/css
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
build.css
www.acronis.com/themes/custom/sun_slice/_dist/slices/reused/slice-article-body/
7 KB
2 KB
Stylesheet
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/slices/reused/slice-article-body/build.css?qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
fc0b73aea3ac12295f433f013430669d4da590b287ed785bdad15a2210e011ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
W/"5fc6376f-1a16"
vary
Accept-Encoding
content-type
text/css
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
build.css
www.acronis.com/themes/custom/sun_slice/_dist/slices/reused/slice-article-header/
5 KB
1 KB
Stylesheet
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/slices/reused/slice-article-header/build.css?qko7pv
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
fde9ce634d1adae8c8904c20ec081d22a4c93626f15e5844a9d0398e03598933
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
W/"5fc6376f-120b"
vary
Accept-Encoding
content-type
text/css
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
alt-svc
clear
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
menu.css
www.acronis.com/sites/all/modules/navi/css/
22 KB
6 KB
Stylesheet
General
Full URL
https://www.acronis.com/sites/all/modules/navi/css/menu.css?a1
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/sites/default/files/css/css_Aj2pQ6HhPrIKco6rRovbAUQYI_-_VD7Ksyfg6wPWBq0.css?qko7pv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
0e49af20d8b666040df0a4450905172e187916b81ce9a9ecc9b313483bf632d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.acronis.com/sites/default/files/css/css_Aj2pQ6HhPrIKco6rRovbAUQYI_-_VD7Ksyfg6wPWBq0.css?qko7pv
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
last-modified
Wed, 07 Oct 2020 11:09:35 GMT
server
nginx
etag
W/"5f7da1ef-59bd"
x-cache-status
HIT
vary
Accept-Encoding
content-type
text/css
via
1.1 google
cache-control
max-age=259200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
clear
expires
Fri, 04 Dec 2020 17:29:21 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
164 B
514 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0cc0930a1ab7e9ae754783576228f3c32caa07605236711cf81035f3f45f0ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
5fb81acc7fe1dfc7-FRA
cf-request-id
06c6ef13c90000dfc78490b000000001
gtm.js
www.googletagmanager.com/
282 KB
69 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PFG6ZF
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/sites/default/files/js/js_DcRX6g7V2aNQh_53THrLEZQ_4TTkTltfSqSJWwgN8Z8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5938ee8613fd4b6ec40ab3550f1815ca808421fd9df6bc92b5807aa03cab04f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
70980
x-xss-protection
0
last-modified
Wed, 02 Dec 2020 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 02 Dec 2020 21:22:40 GMT
OpenSans-Regular.ac327c4.woff
www.acronis.com/themes/custom/sun_slice/_dist/fonts/
62 KB
63 KB
Font
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/fonts/OpenSans-Regular.ac327c4.woff
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/build.css?qko7pv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://www.acronis.com
Referer
https://www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/build.css?qko7pv
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
alt-svc
clear
content-length
63712
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
"5fc6376f-f8e0"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/font-woff
access-control-allow-origin
https://www.acronis.com
cache-control
max-age=259200
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Accept, Accept-Encoding, Accept-Language, Authorization, Cache-Control, Connection, DNT, Keep-Alive, If-Modified-Since, Origin, Save-Data, User-Agent, X-Requested-With, Content-Type
expires
Sat, 05 Dec 2020 21:22:40 GMT
a627870150.html
a627870150.cdn.optimizely.com/client_storage/ Frame 20D7
0
0
Document
General
Full URL
https://a627870150.cdn.optimizely.com/client_storage/a627870150.html
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/627870150.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.218.144 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-218-144.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

:method
GET
:authority
a627870150.cdn.optimizely.com
:scheme
https
:path
/client_storage/a627870150.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/

Response headers

x-amz-id-2
36huJW6fF7QyY0Dk9f75xACFDjEdpzhQrHi+si6/LS2N9u9cjDjcd2Sg3fkx6Xju0a0JUDgskhk=
x-amz-request-id
3270CCF1B2DDE9A5
x-amz-replication-status
PENDING
last-modified
Tue, 24 Nov 2020 15:41:13 GMT
etag
"38dc5f3c7e079ea3f36d8f9b19cada02"
x-amz-server-side-encryption
AES256
x-amz-meta-pci_enabled
False
content-encoding
gzip
x-amz-version-id
q6AUtXfgQns61iaKuOOdyPxv0NLs3uYm
accept-ranges
bytes
content-type
text/html; charset=utf-8
content-length
755
server
AmazonS3
vary
Accept-Encoding
cache-control
max-age=120
date
Wed, 02 Dec 2020 21:22:40 GMT
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="14";dur=0,cdnip;desc="104.111.218.144";dur=0,cdnmap;desc="a4343.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security
max-age=15768000
Sodinokibi-title.jpg
www.acronis.com/sites/default/files/background_images/
620 KB
621 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/background_images/Sodinokibi-title.jpg
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
51cd732c5842ff178986202f25d91b0ddf140d58f89c7c48b79a0ae3f62da97e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Thu, 04 Jul 2019 10:53:09 GMT
server
nginx
etag
"5d1dda95-9b1f0"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/jpeg
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
635376
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
cloud.jpg
www.acronis.com/sites/default/files/2017-09/
41 KB
41 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/2017-09/cloud.jpg
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
ce5724cfeb506d9fc65a248fc63c9a237f25816e3c4193fef19eeeda5a3c746d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Wed, 06 Jun 2018 12:50:56 GMT
server
nginx
etag
"5b17d8b0-a323"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/jpeg
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
41763
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:22:40 GMT
backup.jpg
www.acronis.com/sites/default/files/2017-09/
47 KB
47 KB
Image
General
Full URL
https://www.acronis.com/sites/default/files/2017-09/backup.jpg
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
0aa756ec1fe48b300d1745aa3aa74f9d2549a5daa465fc11e00c9d2536426d55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
last-modified
Wed, 06 Jun 2018 12:50:56 GMT
server
nginx
etag
"5b17d8b0-ba50"
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
image/jpeg
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
47696
x-xss-protection
1; mode=block
expires
Sat, 05 Dec 2020 21:25:25 GMT
social-icons%402x.png
www.acronis.com/modules/custom/universe/images/
14 KB
14 KB
Image
General
Full URL
https://www.acronis.com/modules/custom/universe/images/social-icons%402x.png
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/sites/default/files/css/css_Aj2pQ6HhPrIKco6rRovbAUQYI_-_VD7Ksyfg6wPWBq0.css?qko7pv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
61a9c0faa6a7ee3c726d3df4979c686bd1ec4e1cf669a825fbc637da88106d3f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.acronis.com/sites/default/files/css/css_Aj2pQ6HhPrIKco6rRovbAUQYI_-_VD7Ksyfg6wPWBq0.css?qko7pv
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:41 GMT
via
1.1 google
last-modified
Wed, 20 Jun 2018 09:52:56 GMT
server
nginx
etag
"5b2a23f8-36bd"
x-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
cache-control
max-age=259200
accept-ranges
bytes
alt-svc
clear
content-length
14013
expires
Fri, 04 Dec 2020 17:32:05 GMT
iconfont.5139599.woff2
www.acronis.com/themes/custom/sun_slice/_dist/fonts/
30 KB
30 KB
Font
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/fonts/iconfont.5139599.woff2
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/build.css?qko7pv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
fdb53f28a8f90511c96480ca58b5e0310f0d3eab94766058a40f772b6a0e610a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://www.acronis.com
Referer
https://www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/build.css?qko7pv
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
alt-svc
clear
content-length
30880
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
"5fc6376f-78a0"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/octet-stream
access-control-allow-origin
https://www.acronis.com
cache-control
max-age=259200
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Accept, Accept-Encoding, Accept-Language, Authorization, Cache-Control, Connection, DNT, Keep-Alive, If-Modified-Since, Origin, Save-Data, User-Agent, X-Requested-With, Content-Type
expires
Sat, 05 Dec 2020 21:25:25 GMT
OpenSans-Semibold.9f21442.woff
www.acronis.com/themes/custom/sun_slice/_dist/fonts/
68 KB
68 KB
Font
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/fonts/OpenSans-Semibold.9f21442.woff
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/build.css?qko7pv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
b0390aa3e137e3e49d7d6ed5d86c208fec1dd45ff8a56836c3f86c2e32cd2d7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://www.acronis.com
Referer
https://www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/build.css?qko7pv
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:41 GMT
via
1.1 google
alt-svc
clear
content-length
69888
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
"5fc6376f-11100"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/font-woff
access-control-allow-origin
https://www.acronis.com
cache-control
max-age=259200
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Accept, Accept-Encoding, Accept-Language, Authorization, Cache-Control, Connection, DNT, Keep-Alive, If-Modified-Since, Origin, Save-Data, User-Agent, X-Requested-With, Content-Type
expires
Sat, 05 Dec 2020 21:22:41 GMT
OpenSans-Bold.8926673.woff
www.acronis.com/themes/custom/sun_slice/_dist/fonts/
62 KB
62 KB
Font
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/fonts/OpenSans-Bold.8926673.woff
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/build.css?qko7pv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
7d7a1a8ec55f31a6674fd2e2c41bcc6421a9aeb5cf161c6e93363f31347160f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://www.acronis.com
Referer
https://www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/build.css?qko7pv
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:41 GMT
via
1.1 google
alt-svc
clear
content-length
63564
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
"5fc6376f-f84c"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/font-woff
access-control-allow-origin
https://www.acronis.com
cache-control
max-age=259200
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Accept, Accept-Encoding, Accept-Language, Authorization, Cache-Control, Connection, DNT, Keep-Alive, If-Modified-Since, Origin, Save-Data, User-Agent, X-Requested-With, Content-Type
expires
Sat, 05 Dec 2020 21:22:41 GMT
OpenSans-Italic.5250746.woff
www.acronis.com/themes/custom/sun_slice/_dist/fonts/
74 KB
75 KB
Font
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/fonts/OpenSans-Italic.5250746.woff
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/build.css?qko7pv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
175b36257911c358180606dd88c49ec593dcf1e338b02e4bcc7447324c462287
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://www.acronis.com
Referer
https://www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/build.css?qko7pv
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
alt-svc
clear
content-length
76104
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
"5fc6376f-12948"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/font-woff
access-control-allow-origin
https://www.acronis.com
cache-control
max-age=259200
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Accept, Accept-Encoding, Accept-Language, Authorization, Cache-Control, Connection, DNT, Keep-Alive, If-Modified-Since, Origin, Save-Data, User-Agent, X-Requested-With, Content-Type
expires
Sat, 05 Dec 2020 21:22:40 GMT
OpenSans-BoldItalic.7be88e7.woff
www.acronis.com/themes/custom/sun_slice/_dist/fonts/
72 KB
72 KB
Font
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/fonts/OpenSans-BoldItalic.7be88e7.woff
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/build.css?qko7pv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
5dfe822d22c64b0cbaff5da28a11b21ee2193a5c20830369f5f7cd63b263faa1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://www.acronis.com
Referer
https://www.acronis.com/themes/custom/sun_slice/_dist/slices/not-reused/live-chat/build.css?qko7pv
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:40 GMT
via
1.1 google
alt-svc
clear
content-length
73624
last-modified
Tue, 01 Dec 2020 12:30:39 GMT
server
nginx
etag
"5fc6376f-11f98"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/font-woff
access-control-allow-origin
https://www.acronis.com
cache-control
max-age=259200
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Accept, Accept-Encoding, Accept-Language, Authorization, Cache-Control, Connection, DNT, Keep-Alive, If-Modified-Since, Origin, Save-Data, User-Agent, X-Requested-With, Content-Type
expires
Sat, 05 Dec 2020 21:22:40 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.6.0/
338 KB
72 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.6.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fefa6bc00a2fca4d3ca705862d42dfdbb8f69124b2f0cc0896d3c7c2c05890a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Xs4BplpA7QV+zkRYpo3+wA==
age
2561129
vary
Accept-Encoding
content-length
73082
cf-request-id
06c6ef148d00002fa53db31000000001
x-ms-lease-status
unlocked
last-modified
Thu, 10 Sep 2020 01:36:33 GMT
server
cloudflare
etag
0x8D85529F2EBAD26
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
66e8cb1e-b01e-0029-40a6-b1aea4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=691200
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5fb81acdae832fa5-FRA
expires
Thu, 10 Dec 2020 21:22:40 GMT
conversion_async.js
www.googleadservices.com/pagead/
30 KB
12 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PFG6ZF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.205.226 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s24-in-f226.1e100.net
Software
cafe /
Resource Hash
30b509528a09195b7a7080345419048fd35269803cdfeab438a98c2176a1d9d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
11761
x-xss-protection
0
server
cafe
etag
8854462785499610041
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 02 Dec 2020 21:22:41 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
965 B
761 B
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PFG6ZF
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:58e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 02 Dec 2020 21:22:40 GMT
Content-Encoding
gzip
Last-Modified
Tue, 22 Sep 2020 22:01:48 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=38628
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
448
fbevents.js
connect.facebook.net/en_US/
89 KB
24 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0e49c2b4e86d3fda1dda93eb1210a47712f7b091181b4e7c6da2b3e6f8e86396
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
23320
x-xss-protection
0
pragma
public
x-fb-debug
0DP2Kl/mqVUJ669d0XL/XDkI7heTeMks4yLpsVyA3TCMpn99smIZAE0asLtbbjpwsg0hrGOKwOWnVta5Xl7R8Q==
x-fb-trip-id
2050670934
x-frame-options
DENY
date
Wed, 02 Dec 2020 21:22:40 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
hotjar-1392672.js
static.hotjar.com/c/
8 KB
3 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-1392672.js?sv=6
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.194.32 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-194-32.fra2.r.cloudfront.net
Software
/
Resource Hash
8f10a5fb22571e9a0abba0525db5135ff2ee5086d2e360da5fbe257818aefb64
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:41 GMT
content-encoding
br
x-content-type-options
nosniff
cache-control
max-age=60
x-amz-cf-pop
FRA2-C1
etag
W/31a383d14e2131c69349be92e890f01d
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
access-control-allow-origin
*
x-cache-hit
1
x-amz-cf-id
FxY6EiCbXumES_Z70qmIpa_gABLoT7tFq811LpAmGl0giQgPy9qMmQ==
via
1.1 59d92388a3a66e5f245f384a437fa025.cloudfront.net (CloudFront)
schemaFunctions.min.js
cdn.schemaapp.com/javascript/
970 B
1 KB
Script
General
Full URL
https://cdn.schemaapp.com/javascript/schemaFunctions.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PFG6ZF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:d600:a:6e64:b280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
de59e5a747850061e4f9ce11800bf303b7081020b9be9abfba7dc4880d416190

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 02 Dec 2020 18:00:57 GMT
via
1.1 b3dc72c60418e8887de31f772538f118.cloudfront.net (CloudFront)
last-modified
Fri, 09 Oct 2020 16:58:21 GMT
server
AmazonS3
age
12104
etag
"b4ce3ac5de528677518722b2450a4fb1"
x-cache
Hit from cloudfront
x-amz-version-id
aeMvyFMdoINZ7KjYYO9bdE1a.HK3OLQH
cache-control
max-age=25200
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
content-length
970
x-amz-cf-id
NZ-8tsTQ0U1g7LexRZey_g8LgkZn7CRMb4PWgEcQDBahZfX4kOXsFQ==
/
adservice.google.de/ddm/fls/p/dc_pre=CNahl7-dsO0CFcSGGAodqokP9Q;src=4763301;type=counter;cat=acron0;ord=7691418143075;gtm=2wgb41;auiddc=242232518.1606944161;~oref=https://www.acronis.com/en-us/arti...
Redirect Chain
  • https://ad.doubleclick.net/activity;src=4763301;type=counter;cat=acron0;ord=7691418143075;gtm=2wgb41;auiddc=242232518.1606944161?
  • https://ad.doubleclick.net/activity;dc_pre=CNahl7-dsO0CFcSGGAodqokP9Q;src=4763301;type=counter;cat=acron0;ord=7691418143075;gtm=2wgb41;auiddc=242232518.1606944161?
  • https://adservice.google.com/ddm/fls/p/dc_pre=CNahl7-dsO0CFcSGGAodqokP9Q;src=4763301;type=counter;cat=acron0;ord=7691418143075;gtm=2wgb41;auiddc=242232518.1606944161;~oref=https://www.acronis.com/e...
  • https://adservice.google.de/ddm/fls/p/dc_pre=CNahl7-dsO0CFcSGGAodqokP9Q;src=4763301;type=counter;cat=acron0;ord=7691418143075;gtm=2wgb41;auiddc=242232518.1606944161;~oref=https://www.acronis.com/en...
42 B
118 B
Image
General
Full URL
https://adservice.google.de/ddm/fls/p/dc_pre=CNahl7-dsO0CFcSGGAodqokP9Q;src=4763301;type=counter;cat=acron0;ord=7691418143075;gtm=2wgb41;auiddc=242232518.1606944161;~oref=https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 02 Dec 2020 21:22:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 02 Dec 2020 21:22:41 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/html; charset=UTF-8
location
https://adservice.google.de/ddm/fls/p/dc_pre=CNahl7-dsO0CFcSGGAodqokP9Q;src=4763301;type=counter;cat=acron0;ord=7691418143075;gtm=2wgb41;auiddc=242232518.1606944161;~oref=https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
munchkin.js
munchkin.marketo.net/159/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/159/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js?bv=qko7pv
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.236.192 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-236-192.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 02 Dec 2020 21:22:40 GMT
Content-Encoding
gzip
Last-Modified
Fri, 08 May 2020 02:24:14 GMT
Server
AkamaiNetStorage
ETag
"79274ffc293e4f76fc372b953f780d16:1588904654.430334"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4810
Expires
Fri, 12 Mar 2021 21:22:40 GMT
en.json
cdn.cookielaw.org/consent/c570eb43-1169-4222-914c-38a09bd70ca0/a1f914ac-390b-484b-9577-7c7ad52c8361/
54 KB
13 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/c570eb43-1169-4222-914c-38a09bd70ca0/a1f914ac-390b-484b-9577-7c7ad52c8361/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.6.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32e721f04613ecb5b21c772a19cd0e505669a1554fd3b1e3904a94492aa4c9ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 02 Dec 2020 21:22:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
cVzC4Pi6yJw09q9kzRV9LA==
age
1058
vary
Accept-Encoding
content-length
12989
cf-request-id
06c6ef14c50000178ef2a87000000001
x-ms-lease-status
unlocked
last-modified
Mon, 14 Sep 2020 09:14:22 GMT
server
cloudflare
etag
0x8D8588E91B463BA
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
ea9d9557-d01e-00dc-08f4-b38ab5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5fb81ace0f7b178e-FRA
iconfont.woff2
www.acronis.com/themes/custom/sun_slice/_dist/font_icons/
5 KB
5 KB
Font
General
Full URL
https://www.acronis.com/themes/custom/sun_slice/_dist/font_icons/iconfont.woff2?ee2c8af8d3d619f83fb553a021088ec1
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/themes/custom/sun_slice/_dist/font_icons/iconfont.css?qko7pv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.97.237 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
85d39a1c28d15905afa74badc4a31bdc4238a54b12d8d7e4ea6fc47624bd2ede
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://www.acronis.com
Referer
https://www.acronis.com/themes/custom/sun_slice/_dist/font_icons/iconfont.css?qko7pv
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:41 GMT
via
1.1 google
alt-svc
clear
content-length
4976
last-modified
Tue, 01 Dec 2020 12:28:42 GMT
server
nginx
etag
"5fc636fa-1370"
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/octet-stream
access-control-allow-origin
https://www.acronis.com
cache-control
max-age=259200
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
Accept, Accept-Encoding, Accept-Language, Authorization, Cache-Control, Connection, DNT, Keep-Alive, If-Modified-Since, Origin, Save-Data, User-Agent, X-Requested-With, Content-Type
expires
Sat, 05 Dec 2020 21:25:25 GMT
insight.beta.min.js
snap.licdn.com/li.lms-analytics/
4 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:58e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 02 Dec 2020 21:22:41 GMT
Content-Encoding
gzip
Last-Modified
Tue, 22 Sep 2020 22:01:48 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=38594
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1799
otCenterRounded.json
cdn.cookielaw.org/scripttemplates/6.6.0/assets/
9 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.6.0/assets/otCenterRounded.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.6.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4002d856e575601b351be144c9d7e4e6977286644fede72a7de1638844722aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 02 Dec 2020 21:22:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
f0F4EuE0gP7Qgw9ylM7TtA==
age
2130748
vary
Accept-Encoding
content-length
2778
cf-request-id
06c6ef153d0000178e6235f000000001
x-ms-lease-status
unlocked
last-modified
Thu, 10 Sep 2020 01:36:25 GMT
server
cloudflare
etag
0x8D85529EE5E999A
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
dbec1ba7-901e-0118-1d90-b5b326000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=691200
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5fb81acec92e178e-FRA
expires
Thu, 10 Dec 2020 21:22:41 GMT
otPcTab.json
cdn.cookielaw.org/scripttemplates/6.6.0/assets/
57 KB
14 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.6.0/assets/otPcTab.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.6.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:9540, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
9ea7f0a7844cada198d1e8a28343cc081d3631c716c9dd53d889e4b7feae04ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 02 Dec 2020 21:22:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Mg7iJdVoxVGmqw/VwCobbQ==
age
2474535
vary
Accept-Encoding
content-length
14112
cf-request-id
06c6ef153d0000178e3d818000000001
x-ms-lease-status
unlocked
last-modified
Thu, 10 Sep 2020 01:36:26 GMT
server
cloudflare
etag
0x8D85529EEE93F94
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
584b3ccc-301e-0137-126f-b2321c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=691200
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
5fb81acec930178e-FRA
expires
Thu, 10 Dec 2020 21:22:41 GMT
subscription-form.html
www.acronis.com/en-us/js/crosssys/ribbons/contents/
16 KB
6 KB
XHR
General
Full URL
https://www.acronis.com/en-us/js/crosssys/ribbons/contents/subscription-form.html?_=1606944160611
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/sites/default/files/js/js_3fQ5DzkZhDswH6RoHI5W65doyW7zFMX8cb0EdnWbsDs.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
34.120.97.237, United States, ASN15169 (GOOGLE, US)
Reverse DNS
237.97.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
6787aa03cf26c59a44125d9648fdea8e89352b3c7a036ab67b8d9b2894e312e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:41 GMT
via
1.1 google
x-metro-apache-host
us.metro.acronis.com
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-type
text/html; charset=utf-8
content-encoding
gzip
alt-svc
clear
x-xss-protection
1; mode=block
/
geoapi.acronis.com/
238 B
799 B
XHR
General
Full URL
https://geoapi.acronis.com/
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/sites/default/files/js/js_3fQ5DzkZhDswH6RoHI5W65doyW7zFMX8cb0EdnWbsDs.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.20.59.80, San Antonio, United States, ASN27357 (RACKSPACE, US)
Reverse DNS
Software
nginx / PHP/7.3.10
Resource Hash
4b7f2615dd8592ffd1de68f27e15667aa9bb44da275fac59c599a789f753c595
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 02 Dec 2020 21:22:41 GMT
Content-Encoding
gzip
Server
nginx
X-Powered-By
PHP/7.3.10
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET
Content-Type
application/json
Access-Control-Allow-Origin
https://www.acronis.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Accept, Accept-Encoding, Accept-Language, Authorization, Cache-Control, Connection, DNT, Keep-Alive, If-Modified-Since, Origin, Save-Data, User-Agent, X-Requested-With, Content-Type
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=20
visitWebPage
929-hvv-335.mktoresp.com/webevents/
2 B
311 B
XHR
General
Full URL
https://929-hvv-335.mktoresp.com/webevents/visitWebPage?_mchNc=1606944161463&_mchCn=&_mchId=929-HVV-335&_mchTk=_mch-acronis.com-1606944161463-51750&_mchHo=www.acronis.com&_mchPo=&_mchRu=%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F&_mchPc=https%3A&_mchVr=159&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/159/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.28.147.68, United States, ASN15224 (OMNITURE, US)
Reverse DNS
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 02 Dec 2020 21:22:42 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
ec065098-afed-4228-a028-ba8f8d682a43
aHR0cHM6Ly93d3cuYWNyb25pcy5jb20vZW4tdXMvYXJ0aWNsZXMvc29kaW5va2liaS1yYW5zb213YXJlLw
data.schemaapp.com/Acronis/ Frame
0
0
Other
General
Full URL
https://data.schemaapp.com/Acronis/aHR0cHM6Ly93d3cuYWNyb25pcy5jb20vZW4tdXMvYXJ0aWNsZXMvc29kaW5va2liaS1yYW5zb213YXJlLw
Protocol
H2
Server
2600:9000:21f3:de00:1f:d9e6:d540:93a1, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
x-api-key
Origin
https://www.acronis.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-length
0
date
Wed, 02 Dec 2020 21:22:42 GMT
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
access-control-allow-headers
x-api-key
access-control-max-age
3000
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains;
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache
Miss from cloudfront
via
1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
nRD4pB7ekXWD9yZbSYzQGqJqIQ4kZazSEjDBmuB8RCRNv7G3p1AJXw==
aHR0cHM6Ly93d3cuYWNyb25pcy5jb20vZW4tdXMvYXJ0aWNsZXMvc29kaW5va2liaS1yYW5zb213YXJlLw
data.schemaapp.com/Acronis/
0
534 B
XHR
General
Full URL
https://data.schemaapp.com/Acronis/aHR0cHM6Ly93d3cuYWNyb25pcy5jb20vZW4tdXMvYXJ0aWNsZXMvc29kaW5va2liaS1yYW5zb213YXJlLw
Requested by
Host: cdn.schemaapp.com
URL: https://cdn.schemaapp.com/javascript/schemaFunctions.min.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2600:9000:21f3:de00:1f:d9e6:d540:93a1, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
x-api-key
7R2HB-ZRW2I-3JX18-IKS7I

Response headers

x-amz-version-id
null
via
1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
etag
"d41d8cd98f00b204e9800998ecf8427e"
age
718
x-cache
Error from cloudfront
access-control-max-age
3000
strict-transport-security
max-age=31536000; includeSubDomains;
content-length
0
last-modified
Mon, 11 Jun 2018 21:03:27 GMT
server
AmazonS3
date
Wed, 02 Dec 2020 21:10:54 GMT
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=14400
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
x-amz-cf-id
ktsQUpMaJ1_senWGBVQ9Gqa3fheugDJlKtb6ht4wVTc4qp1zNmW1kg==
highlight.js
cdn.schemaapp.com/javascript/
19 KB
7 KB
Script
General
Full URL
https://cdn.schemaapp.com/javascript/highlight.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PFG6ZF
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2600:9000:206f:d600:a:6e64:b280:93a1, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
Software
AmazonS3 /
Resource Hash
f148410d55aab5691b885d06c8a5152cab3419f11b15ad37e775f599886cba83

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
JfbIe9eM0ENyyp2M0nseoVYARKaiRZmY
content-encoding
gzip
etag
"fe09fbf02d698711edf1568af018f588"
last-modified
Mon, 23 Nov 2020 23:09:06 GMT
server
AmazonS3
age
71349
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 b3dc72c60418e8887de31f772538f118.cloudfront.net (CloudFront)
cache-control
max-age=699840
date
Wed, 02 Dec 2020 01:33:33 GMT
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
HFysjbv1xhW6mQZLGp6JhrjsDacKt22ko8ItE1VLuRXbLqE4NX1Rjg==
events
logx.optimizely.com/v1/
0
360 B
XHR
General
Full URL
https://logx.optimizely.com/v1/events
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/627870150.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.210.188.115, Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS
ec2-54-210-188-115.compute-1.amazonaws.com
Software
nginx/1.17.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 02 Dec 2020 21:22:41 GMT
Server
nginx/1.17.2
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.acronis.com
Access-Control-Expose-Headers
X-Results-Data-Source
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-Request-Id
08f19f45-4e21-4e9a-be1a-f17c4ba3cbb6
modules.0607bc475b5a3c4f001b.js
script.hotjar.com/
220 KB
58 KB
Script
General
Full URL
https://script.hotjar.com/modules.0607bc475b5a3c4f001b.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1392672.js?sv=6
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.224.194.4, Seattle, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-224-194-4.fra2.r.cloudfront.net
Software
/
Resource Hash
543ba42b721b7288890c65e8772af3bc6e075a0d0b67c4e3313eeb70386c16c8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 19:28:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
6872
x-cache
Hit from cloudfront
content-length
59026
access-control-allow-origin
*
last-modified
Wed, 02 Dec 2020 19:24:27 GMT
etag
"8aa1d75863dcb0ca19f92bc0e3fed837"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 d7e55181ad8192e74c103c6003cd4d9c.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
_EzZ5dUUvyBVcbOiz1lO0gcY7zp7rikl8gYiVL9pCTWw68jTZyPXQA==
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=54926&time=1606944161531&url=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D54926%26time%3D1606944161531%26url%3Dhttps%253A%252F%252Fwww.acronis.com%252Fen-u...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=54926&time=1606944161531&url=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F&liSync=true
0
81 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=54926&time=1606944161531&url=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F&liSync=true
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005, Ireland, ASN14413 (LINKEDIN, US)
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:42 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
0
x-li-uuid
Dk2pjDMDTRaQsQGxbysAAA==

Redirect headers

content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options
nosniff
linkedin-action
1
content-length
0
x-li-uuid
MrP3hTMDTRago0bLaysAAA==
pragma
no-cache
x-li-pop
afd-prod-lor1
x-msedge-ref
Ref A: C31AE6C5C3184D8EB6BD8B1AEDC7DC94 Ref B: FRAEDGE1117 Ref C: 2020-12-02T21:22:41Z
x-frame-options
sameorigin
date
Wed, 02 Dec 2020 21:22:41 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=54926&time=1606944161531&url=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1035527513/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1035527513/?random=1606944161533&cv=9&fst=1606944161533&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgb41&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F&tiba=Taking%20Deep%20Dive%20into%20Sodinokibi%20Ransomware%20%7C%20Acronis.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:817::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
cafe /
Resource Hash
5568bc6a98137a2fccd961f17947a1545a224450a52246f5628704582b271e1c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 02 Dec 2020 21:22:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1046
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/866654756/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/866654756/?random=1606944161536&cv=9&fst=1606944161536&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgb41&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F&tiba=Taking%20Deep%20Dive%20into%20Sodinokibi%20Ransomware%20%7C%20Acronis.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:817::2002, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
cafe /
Resource Hash
09a51e08f44819a125926bb7e5c78d3847724bd609a87d5ac0c869552011682a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 02 Dec 2020 21:22:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1048
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame A7DF
0
0
Document
General
Full URL
https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1392672.js?sv=6
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
13.224.194.78, Seattle, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
server-13-224-194-78.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

:method
GET
:authority
vars.hotjar.com
:scheme
https
:path
/box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/

Response headers

content-type
text/html
content-length
851
date
Mon, 23 Nov 2020 17:01:03 GMT
accept-ranges
bytes
cache-control
max-age=31536000
content-encoding
br
etag
"d594f1d4c3e5dbd6b556c60d34e0daea"
last-modified
Mon, 23 Nov 2020 15:41:01 GMT
x-robots-tag
none
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 5a5b94c62ea85e0c0d78b169589b08b5.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
VwxcfpOUQGPRShdYeZWMInAlS9JotbjErnDjiSzIK59muTBf_h1JLQ==
age
793298
aHR0cHM6Ly93d3cuYWNyb25pcy5jb20
cdn.schemaapp.com/highlighter/prod/
35 KB
3 KB
XHR
General
Full URL
https://cdn.schemaapp.com/highlighter/prod/aHR0cHM6Ly93d3cuYWNyb25pcy5jb20
Requested by
Host: cdn.schemaapp.com
URL: https://cdn.schemaapp.com/javascript/highlight.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2600:9000:206f:d600:a:6e64:b280:93a1, United States, ASN16509 (AMAZON-02, US)
Reverse DNS
Software
AmazonS3 /
Resource Hash
d0b7e7caa7da5408a41beb62bb8cb471a547ea6e323cbf1aa58a051ceb6880a4

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:05:57 GMT
content-encoding
gzip
age
1005
x-amz-server-side-encryption
AES256
x-amz-meta-url
https://www.acronis.com
access-control-max-age
3000
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Wed, 02 Dec 2020 21:05:54 GMT
server
AmazonS3
etag
W/"44696087d304192dcedfbb1b3b0daf37"
x-amz-meta-source
SchemaApp
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET, HEAD
x-amz-version-id
uoJUm_mYIaN65onjmc7CDOOyHFz.AgL8
via
1.1 14b10bd09a0531ef477d0a404ca26900.cloudfront.net (CloudFront)
cache-control
max-age=699840
x-amz-cf-pop
FRA56-C1
content-type
application/json
x-amz-cf-id
y9LY-IzpfouBtdU3G1VsdFV-LWQiR9ItGDytR6pMFtUI44M9CUB7pg==
/
www.google.com/pagead/1p-user-list/1035527513/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1035527513/?random=1606944161533&cv=9&fst=1606942800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgb41&sendb=1&frm=0&url=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F&tiba=Taking%20Deep%20Dive%20into%20Sodinokibi%20Ransomware%20%7C%20Acronis.com&async=1&fmt=3&is_vtc=1&random=43497020&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81a::2004, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 02 Dec 2020 21:22:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1035527513/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1035527513/?random=1606944161533&cv=9&fst=1606942800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgb41&sendb=1&frm=0&url=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F&tiba=Taking%20Deep%20Dive%20into%20Sodinokibi%20Ransomware%20%7C%20Acronis.com&async=1&fmt=3&is_vtc=1&random=43497020&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81d::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 02 Dec 2020 21:22:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/866654756/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/866654756/?random=1606944161536&cv=9&fst=1606942800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgb41&sendb=1&frm=0&url=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F&tiba=Taking%20Deep%20Dive%20into%20Sodinokibi%20Ransomware%20%7C%20Acronis.com&async=1&fmt=3&is_vtc=1&random=2212630576&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81a::2004, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 02 Dec 2020 21:22:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/866654756/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/866654756/?random=1606944161536&cv=9&fst=1606942800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgb41&sendb=1&frm=0&url=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F&tiba=Taking%20Deep%20Dive%20into%20Sodinokibi%20Ransomware%20%7C%20Acronis.com&async=1&fmt=3&is_vtc=1&random=2212630576&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.acronis.com
URL: https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:81d::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 02 Dec 2020 21:22:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
aHR0cHM6Ly93d3cuYWNyb25pcy5jb20vI09yZ2FuaXphdGlvbg
data.schemaapp.com/Acronis/
3 KB
2 KB
XHR
General
Full URL
https://data.schemaapp.com/Acronis/aHR0cHM6Ly93d3cuYWNyb25pcy5jb20vI09yZ2FuaXphdGlvbg
Requested by
Host: cdn.schemaapp.com
URL: https://cdn.schemaapp.com/javascript/highlight.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:de00:1f:d9e6:d540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a7ca96b22479c628500ee3ee8b3867107740f7ec81aa2fd9a2e0b5a9d7135372
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
GkIZeHR2obPi1y.xZXymKRndiKCFLI4o
content-encoding
gzip
age
447
x-amz-server-side-encryption
AES256
x-amz-meta-url
https://www.acronis.com/#Organization
access-control-max-age
3000
x-amz-meta-mainaccount
Acronis
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000; includeSubDomains;
access-control-allow-origin
*
last-modified
Sat, 31 Oct 2020 18:16:31 GMT
server
AmazonS3
x-amz-meta-accountid
Acronis
etag
"39722523c894ff47e299f62c3c8129eb"
x-amz-meta-source
Editor
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET, HEAD
content-type
application/json
via
1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
cache-control
max-age=699840
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
-gWffkqHJ34N2xMEW03nmT7oxUCDc8J-YwMgbB0HDAcCXAZpzJv1ow==
date
Wed, 02 Dec 2020 21:15:15 GMT
visit-data
in.hotjar.com/api/v2/client/sites/1392672/
178 B
321 B
XHR
General
Full URL
https://in.hotjar.com/api/v2/client/sites/1392672/visit-data?sv=6
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.0607bc475b5a3c4f001b.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.251.150.2 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-150-2.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 02 Dec 2020 21:22:41 GMT
content-encoding
br
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-max-age
86400
content-type
application/json
getForm
app-sjh.marketo.com/index.php/form/
5 KB
2 KB
Script
General
Full URL
https://app-sjh.marketo.com/index.php/form/getForm?munchkinId=929-HVV-335&form=12614&url=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F&callback=jQuery112408025158929763887_1606944160671&_=1606944160672
Requested by
Host: promo.acronis.com
URL: https://promo.acronis.com/js/forms2/js/forms2.js?bv=qko7pv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9785b6581a146b6c48d735092ee33ee190536f723014ee9e8d5243f04e582dab

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id
06c6ef19140000d87db42e7000000001
content-encoding
gzip
server
cloudflare
date
Wed, 02 Dec 2020 21:22:42 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cf-ray
5fb81ad4e9c3d87d-CPH
cached
true
forms2.css
app-sjh.marketo.com/js/forms2/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://app-sjh.marketo.com/js/forms2/css/forms2.css
Requested by
Host: promo.acronis.com
URL: https://promo.acronis.com/js/forms2/js/forms2.js?bv=qko7pv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
6400
vary
Accept-Encoding
content-length
2623
cf-request-id
06c6ef19670000d87d69283000000001
last-modified
Mon, 12 Oct 2020 17:13:35 GMT
server
cloudflare
etag
"3c0ea0-3437-5b17c6b21edc0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63113904
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
5fb81ad57a68d87d-CPH
expires
Thu, 03 Dec 2020 01:22:42 GMT
forms2-theme-simple.css
app-sjh.marketo.com/js/forms2/css/
826 B
483 B
Stylesheet
General
Full URL
https://app-sjh.marketo.com/js/forms2/css/forms2-theme-simple.css
Requested by
Host: promo.acronis.com
URL: https://promo.acronis.com/js/forms2/js/forms2.js?bv=qko7pv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 02 Dec 2020 21:22:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
6400
vary
Accept-Encoding
content-length
242
cf-request-id
06c6ef19670000d87da024b000000001
last-modified
Mon, 12 Oct 2020 17:13:35 GMT
server
cloudflare
etag
"3c0ea1-33a-5b17c6b21edc0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63113904
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
5fb81ad57a69d87d-CPH
expires
Thu, 03 Dec 2020 01:22:42 GMT
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
178 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ce37d604571d19252b9b236a8d0380f9f6938e47914ab91dac33c96f83cb8b3c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
890 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
be94a4a2fdaf3247c7ce8db85f402ad65bf03f15c048b3ac75a73e3367da8c36

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
XDFrame
app-sjh.marketo.com/index.php/form/ Frame ABB3
0
0
Document
General
Full URL
https://app-sjh.marketo.com/index.php/form/XDFrame
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/c570eb43-1169-4222-914c-38a09bd70ca0/OtAutoBlock.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
app-sjh.marketo.com
:scheme
https
:path
/index.php/form/XDFrame
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cf_bm=c16ff163646c89e932209032aacd38f53e43d88e-1606944162-1800-Af9pzWk9nZ9FuL3l7eRXfU1UkrZ5WoPxSzCF0hzngSO2CKPBh2ZKHWWYg1j3MdMkv5CsIOa6HrxfYV+GlZZ7Lxk=
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/

Response headers

date
Wed, 02 Dec 2020 21:22:43 GMT
content-type
text/html; charset=utf-8
content-length
650
set-cookie
__cfduid=d4f7ab8502d250c07be001e7af7a809141606944162; expires=Fri, 01-Jan-21 21:22:42 GMT; path=/; domain=.app-sjh.marketo.com; HttpOnly; SameSite=Lax BIGipServersjhweb-nginx-app_https=!znyvsFRmWLyXtbDInuzRy4alk/3R/grGl+P8pXkF0OVUUTiJeiP5zO45qEMSHwp+KoKC8ZV+hQBno84=;Path=/;Version=1;Secure;Httponly
cache-control
max-age=3600
strict-transport-security
max-age=63113904
x-content-type-options
nosniff
vary
Accept-Encoding
content-encoding
gzip
cf-cache-status
DYNAMIC
cf-request-id
06c6ef19b20000d87d53219000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5fb81ad5eb24d87d-CPH
aHR0cHM6Ly93d3cuYWNyb25pcy5jb20vZW4tdXMvYXJ0aWNsZXMvc29kaW5va2liaS1yYW5zb213YXJlLw
data.schemaapp.com/Acronis/
0
528 B
XHR
General
Full URL
https://data.schemaapp.com/Acronis/aHR0cHM6Ly93d3cuYWNyb25pcy5jb20vZW4tdXMvYXJ0aWNsZXMvc29kaW5va2liaS1yYW5zb213YXJlLw
Requested by
Host: cdn.schemaapp.com
URL: https://cdn.schemaapp.com/javascript/schemaFunctions.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:de00:1f:d9e6:d540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
null
via
1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
etag
"d41d8cd98f00b204e9800998ecf8427e"
x-amz-cf-pop
FRA2-C2
x-cache
Error from cloudfront
access-control-max-age
3000
strict-transport-security
max-age=31536000; includeSubDomains;
content-length
0
last-modified
Mon, 11 Jun 2018 21:03:27 GMT
server
AmazonS3
date
Wed, 02 Dec 2020 21:22:42 GMT
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
qgV8Ebgd5X8LE_NGCbRPZ_s-L9Nh7lKJmR4AKX0eyI3PkuJ0UJxhog==
prod
0yl6pcjbij.execute-api.us-east-1.amazonaws.com/ Frame
0
0
Other
General
Full URL
https://0yl6pcjbij.execute-api.us-east-1.amazonaws.com/prod
Protocol
H2
Server
52.54.207.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-54-207-18.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-api-key
Origin
https://www.acronis.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 02 Dec 2020 21:22:51 GMT
content-type
application/json
content-length
0
x-amzn-requestid
f4b9c8de-a0d6-409b-8040-bfabd87870fd
access-control-allow-origin
*
access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
x-amz-apigw-id
W8XS4HCIIAMFpPA=
access-control-allow-methods
POST,OPTIONS
prod
0yl6pcjbij.execute-api.us-east-1.amazonaws.com/
257 B
461 B
XHR
General
Full URL
https://0yl6pcjbij.execute-api.us-east-1.amazonaws.com/prod
Requested by
Host: cdn.schemaapp.com
URL: https://cdn.schemaapp.com/javascript/highlight.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.54.207.18 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-54-207-18.compute-1.amazonaws.com
Software
/
Resource Hash
6e1c5dc459a0137fe18bdee10bb674b7549e9493ed62a1a082b79808a3ea5dae

Request headers

Referer
https://www.acronis.com/en-us/articles/sodinokibi-ransomware/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
X-API-KEY
BiQcqdttWn7eunp8jvxM5oZl3DIx08J42LtTmaaj
content-type
application/json

Response headers

access-control-allow-origin
*
date
Wed, 02 Dec 2020 21:22:52 GMT
x-amzn-requestid
100fd5b9-d904-473c-8bec-b968e13c7b3a
x-amz-apigw-id
W8XS6EssIAMFmKQ=
x-amzn-trace-id
Root=1-5fc805ac-23d94eaf781b6bc71d9d997f
content-length
257
content-type
application/json

73 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
object 0
object 1
object 2
object ontransitionrun
object ontransitionstart
object ontransitioncancel
object cookieStore
function showDirectoryPicker
function showOpenFilePicker
function showSaveFilePicker
object trustedTypes
boolean crossOriginIsolated
undefined _
object optimizely
object OneTrustStub
string OnetrustActiveGroups
string OptanonActiveGroups
object dataLayer
function OptanonWrapper
function jsonFeed
function webpackJsonp
undefined $
function jQuery
string GoogleAnalyticsObject
function ga
object metro_analytics_init
object kharkiv_init
object metro_analytics
object kharkiv
object MktoForms2
object google_tag_manager
function postscribe
function domready
object drupalSettings
object drupalTranslations
object Drupal
function mktoMunchkinFunction
object Munchkin
function mktoMunchkin
object otStubData
object google_tag_data
object uetq
string _linkedin_data_partner_id
function fbq
function _fbq
object _6si
function hj
object _hjSettings
object Acronis
object IntlPolyfill
function onYouTubeIframeAPIReady
object AcronisTrialForm
function setImmediate
function clearImmediate
object __core-js_shared__
object core
function IMask
function openShare
object Optanon
object OneTrust
object MunchkinTracker
function schemaLoad
object hjSiteSettings
function hjBootstrap
object hjBootstrapCalled
function lintrk
boolean _already_called_lintrk
function GooglemKTybQhCsO
function google_trackConversion
object GooglebQhCsO
object schema_highlighter
object objects
object jQuery112408025158929763887

11 Cookies

Domain/Path Name / Value
www.acronis.com/ Name: _hjIncludedInPageviewSample
Value: 1
.acronis.com/ Name: _hjFirstSeen
Value: 1
.acronis.com/ Name: _hjid
Value: f9933564-1138-4065-9ad5-eb8a62b9d70d
.acronis.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Wed+Dec+02+2020+22%3A22%3A41+GMT%2B0100+(Central+European+Standard+Time)&version=6.6.0&hosts=&consentId=55c9c93e-fb2d-498a-b416-91f9928ec614&interactionCount=0&landingPath=https%3A%2F%2Fwww.acronis.com%2Fen-us%2Farticles%2Fsodinokibi-ransomware%2F&groups=C0001%3A1%2CC0004%3A0%2CC0003%3A0%2CC0002%3A0
www.acronis.com/ Name: _hjIncludedInSessionSample
Value: 0
.acronis.com/ Name: _hjAbsoluteSessionInProgress
Value: 0
.acronis.com/ Name: _mkto_trk
Value: id:929-HVV-335&token:_mch-acronis.com-1606944161463-51750
.acronis.com/ Name: _hjTLDTest
Value: 1
.acronis.com/ Name: _gcl_au
Value: 1.1.242232518.1606944161
www.acronis.com/ Name: language_prefix
Value: en-us
.acronis.com/ Name: optimizelyEndUserId
Value: oeu1606944160411r0.7092293400637746

1 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.schemaapp.com/javascript/highlight.js(Line 1)
Message:
Pushing Template (1) with uri: http://schemaapp.com/resources/Company/Acronis/Template20201031154348

Security Headers

This table lists the security headers set on the main page (www.acronis.com) response.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
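The table above only shows which security headers were present; it does not say whether their values are strong enough or which expected headers are absent. The script below is an added example (not urlscan's code) that takes response headers in the same name-on-one-line, value-on-the-next layout used throughout this report and audits them the way a reviewer would. The two header sets are copied from this scan (the main page and the www.google.de tracking pixel); the 180-day HSTS threshold and the list of expected headers are my own choices, not something the report states.

```python
import re

# Constructed from this scan: the main page's recorded security headers,
# in urlscan's layout of a header name on one line and its value on the next.
MAIN_PAGE_HEADERS = """\
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
"""

# Constructed from this scan: the www.google.de tracking pixel's response.
PIXEL_HEADERS = """\
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
x-xss-protection
0
"""

# Assumed threshold: 180 days, the usual minimum for HSTS preload lists.
MIN_HSTS_AGE = 15552000


def parse_headers(text: str) -> dict:
    """Turn alternating name/value lines into a dict keyed by lower-cased name."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("unpaired header name at end of input")
    return {lines[i].lower(): lines[i + 1] for i in range(0, len(lines), 2)}


def hsts_max_age(value: str) -> int:
    """max-age from an HSTS value; 0 when absent or unparsable."""
    m = re.search(r"max-age=(\d+)", value, re.I)
    return int(m.group(1)) if m else 0


def audit(headers: dict, is_document: bool = True) -> list:
    """Return the findings a reviewer would raise, in a fixed order.

    Host-level checks (HSTS, nosniff) apply to any response; the
    document-level checks (CSP, framing, Referrer-Policy) only make sense
    for an HTML document, not for a tracking pixel or a stylesheet.
    """
    findings = []
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        if hsts_max_age(hsts) < MIN_HSTS_AGE:
            findings.append(f"HSTS max-age below {MIN_HSTS_AGE}s")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS without includeSubDomains")
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    if not is_document:
        return findings
    csp = headers.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    elif re.search(r"script-src[^;]*'unsafe-inline'", csp):
        findings.append("CSP script-src allows 'unsafe-inline'")
    if "x-frame-options" not in headers and not (csp and "frame-ancestors" in csp):
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")
    if "referrer-policy" not in headers:
        findings.append("missing Referrer-Policy")
    return findings


if __name__ == "__main__":
    for name, text, doc in (("main page", MAIN_PAGE_HEADERS, True),
                            ("google.de pixel", PIXEL_HEADERS, False)):
        print(name, audit(parse_headers(text), is_document=doc) or ["ok"])
```

Run against the scan's own data, the main page passes the HSTS and nosniff checks but has no Content-Security-Policy, no framing protection and no Referrer-Policy; the pixel is judged as a non-document, so only the absent HSTS on www.google.de is reported. The `is_document` switch matters: applying document-level checks to every transaction in a report like this one produces dozens of meaningless findings on images and stylesheets.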

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0yl6pcjbij.execute-api.us-east-1.amazonaws.com
929-hvv-335.mktoresp.com
a627870150.cdn.optimizely.com
ad.doubleclick.net
adservice.google.com
adservice.google.de
app-sjh.marketo.com
cdn.cookielaw.org
cdn.optimizely.com
cdn.schemaapp.com
connect.facebook.net
data.schemaapp.com
fonts.googleapis.com
geoapi.acronis.com
geolocation.onetrust.com
googleads.g.doubleclick.net
in.hotjar.com
logx.optimizely.com
munchkin.marketo.net
promo.acronis.com
px.ads.linkedin.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
vars.hotjar.com
www.acronis.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
104.111.218.144
104.111.236.192
104.16.95.80
104.17.72.206
13.224.194.32
13.224.194.4
13.224.194.78
172.217.22.38
192.28.147.68
216.58.205.226
2600:9000:206f:d600:a:6e64:b280:93a1
2600:9000:21f3:de00:1f:d9e6:d540:93a1
2606:4700:10::6814:b944
2606:4700::6810:9540
2620:1ec:21::14
2a00:1450:4001:806::2008
2a00:1450:4001:814::200a
2a00:1450:4001:817::2002
2a00:1450:4001:81a::2004
2a00:1450:4001:81d::2003
2a00:1450:4001:824::2002
2a02:26f0:10c:58e::25ea
2a02:26f0:6c00:284::13b8
2a03:2880:f01c:8012:face:b00c:0:3
2a05:f500:11:101::b93f:9005
34.120.97.237
34.251.150.2
52.54.207.18
54.210.188.115
69.20.59.80
023da943a1e13eb20a728eab468bdb01441823ffbf543ecab327e0eb03d606ad
09a51e08f44819a125926bb7e5c78d3847724bd609a87d5ac0c869552011682a
0aa756ec1fe48b300d1745aa3aa74f9d2549a5daa465fc11e00c9d2536426d55
0dc457ea0ed5d9a35087fe774c7acb11943fe134e44e5b5f4aa4895b080df19f
0e49af20d8b666040df0a4450905172e187916b81ce9a9ecc9b313483bf632d3
0e49c2b4e86d3fda1dda93eb1210a47712f7b091181b4e7c6da2b3e6f8e86396
0eeeaf8d98469863e42b400c052fe28d729fcc73197d6a7b451a035fead26351
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
159c420ea0927167f37716d4136ab1ca6e1e1b72e3827aa7f3251d8835889c39
175b36257911c358180606dd88c49ec593dcf1e338b02e4bcc7447324c462287
1a9025fb8d2a7e073c1b7a62143ce614d635d7febef6f0d7c2f53d31500fffeb
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
289cc9d685133505be87d909057b35ae196c82cd3f01dbf7917faa8b0013a110
2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b
30b509528a09195b7a7080345419048fd35269803cdfeab438a98c2176a1d9d0
3137083b818f881c81c044a69f82c0e90404cb5c8e368cd8ca35517701f84a7c
32d3728532d1a3705f96169e197becdb8f71ba2559dbb25193a2074c697218d3
32e721f04613ecb5b21c772a19cd0e505669a1554fd3b1e3904a94492aa4c9ec
34c0d99f49fb1d3d6b8db4af054f2701503b561c1b7361de5257a0fe5d9eeb99
36a74e9a072e00629e4270fb5abe4c47155cd97d8b2d61ea02be480381c5988f
37d6641482044d6c680424a59567386c84bb5bb38f6d2749ccca9f233015b80b
3afb48630b3217015db47ce9246b6876a93b8674bab8397a38beee03ff51e26f
418306128be4170c829d1b8e461be02a91344115845abaf8e8c45dd7409ce11b
423de53ddb52b5a2d45d5a4b1f5cd1dda77a8c414cd61ba95259c62228055688
4267dea72a0c69575594fb0f90a8d967b618ce5b92fe7ae7072880bb2612ad46
442412c80f9a450e510273d1c8baffc386710a68bbfb7d046cd0707e83433f91
450b3b21b9597e8d366458c706c45c8c851fccf83400333aba6d06aba95a4275
45351ca2bcca3a61f7195dca8256d3919497db115f3e405033ae750fbd431357
459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc
48040206065809b723e0d8a9c050210f231e8d6ed1c95e84d970f6204e73919c
4b7f2615dd8592ffd1de68f27e15667aa9bb44da275fac59c599a789f753c595
51cd732c5842ff178986202f25d91b0ddf140d58f89c7c48b79a0ae3f62da97e
52bbc935dcaf76771f7b143b743cc2fff28b344eb76f697832b56feba015ee0c
532b5cab4652d3becb399246829cff8b5886ab5d61cd17211defda3d5bd92046
543ba42b721b7288890c65e8772af3bc6e075a0d0b67c4e3313eeb70386c16c8
5568bc6a98137a2fccd961f17947a1545a224450a52246f5628704582b271e1c
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57fa243abb125e4255190477f7e20d56fe2943b786d923b3fc58d77bda6f0e20
586d3d8ff27abf274d3e20decac3d0120f809c014cc688f43839ed841fc332df
5938ee8613fd4b6ec40ab3550f1815ca808421fd9df6bc92b5807aa03cab04f0
594625a9541d5c173456c0348b2bc357183eea3000f7b2f593ef9baab4f53b09
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55
5dfe822d22c64b0cbaff5da28a11b21ee2193a5c20830369f5f7cd63b263faa1
5fefa6bc00a2fca4d3ca705862d42dfdbb8f69124b2f0cc0896d3c7c2c05890a
6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd
61a9c0faa6a7ee3c726d3df4979c686bd1ec4e1cf669a825fbc637da88106d3f
645e400c9ad51c7189ea05556a32cba9b32462d4e93ea7b7ebc5de2a09b8892a
6787aa03cf26c59a44125d9648fdea8e89352b3c7a036ab67b8d9b2894e312e7
6e1c5dc459a0137fe18bdee10bb674b7549e9493ed62a1a082b79808a3ea5dae
6f74a330707b772d4e73a242ca207d3368ca42fede4174bbf482d430070cff5f
717f45945b11000cc9891a701635b77cee8f54f083fcf694f3737152d2594911
7590d5728c261f6f1947346b616a5964509bdd255b1886175192e980405acd5e
779ad2add09f360ecc3615328fafb38b351a3bc5fd0238728201de709a7b1ccb
7d7a1a8ec55f31a6674fd2e2c41bcc6421a9aeb5cf161c6e93363f31347160f9
85d39a1c28d15905afa74badc4a31bdc4238a54b12d8d7e4ea6fc47624bd2ede
8691ccf42c10f3c66933e952648641de3b9fcdd0cf1e68a567cd3184ca5c3712
87e8792f457ebb63bab65ef7b162cd7c5adc13724019bcce32c25cb0d16d2782
8a4245b2e5b04de2dc4a0870c3bb634081645a373180ded57ab36c11792111f3
8f10a5fb22571e9a0abba0525db5135ff2ee5086d2e360da5fbe257818aefb64
9237fb18f25cbee5ec1de3e8cf442e88c6fc00330ec67b0cb42ed54b8b86ffe4
94defc6c512d6254028dec825fb0e4f26901981ff84bbca852c744ecbe18727f
9785b6581a146b6c48d735092ee33ee190536f723014ee9e8d5243f04e582dab
98334c30dc64e87f1600516ec344b77d2cb63fd005da6cda7d4bde2db9135538
9a945892c30069e0f3e670ca27025fb18f1900ea029ed6212a541fd256ea6d06
9d0d33ff3cbe6054d46a549c75a09323fc711113b82fde575003df837cb9f4e0
9d4bb34d313fb689d5f8abe4bceaf7dceb7aa12b019af89ebdd131a6d3c6a857
9ea7f0a7844cada198d1e8a28343cc081d3631c716c9dd53d889e4b7feae04ac
a4002d856e575601b351be144c9d7e4e6977286644fede72a7de1638844722aa
a673e0d372c53a44997b24f1864357578181bd10dd6dc1a421e975d3f5bef4b6
a7ca96b22479c628500ee3ee8b3867107740f7ec81aa2fd9a2e0b5a9d7135372
a8431bfe4316cdc20de936e824f735c9478bbc9ce3d3a51c774eca45faff637f
ad0ec55f333283ee17c21b9578442e6bc61094c17c30fcd45eba8a05e86eb274
ad7dabcb0743de3053b3e137c361f39f3189ba2ed313cbf1eab1db3518a54bab
b0390aa3e137e3e49d7d6ed5d86c208fec1dd45ff8a56836c3f86c2e32cd2d7a
bc94efcfd6c5ddbf10e95f4755ad417beddd848829224bebf593030a1fa65ac6
be94a4a2fdaf3247c7ce8db85f402ad65bf03f15c048b3ac75a73e3367da8c36
bed1f982188ae10d946b60e603ef7d20c8547c1da8ef13b0815ae8386a2df635
c79f45aa72da8267dd5abcffe78bfd8fbc9add544bbccf6db01d5b6f54e1c7d8
ce37d604571d19252b9b236a8d0380f9f6938e47914ab91dac33c96f83cb8b3c
ce5724cfeb506d9fc65a248fc63c9a237f25816e3c4193fef19eeeda5a3c746d
d0b7e7caa7da5408a41beb62bb8cb471a547ea6e323cbf1aa58a051ceb6880a4
d908f775bc650986b53800676bea73928d303f7beef3c7e5c5756553ea4cd279
ddf4390f3919843b301fa4681c8e56eb9768c96ef314c5fc71bd0476759bb03b
de59e5a747850061e4f9ce11800bf303b7081020b9be9abfba7dc4880d416190
e0cc0930a1ab7e9ae754783576228f3c32caa07605236711cf81035f3f45f0ea
e22a881c1af7f1f78124dd7948f5ef6675bd177eae76853fd16b1c0e803a2382
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e875e2f97b06444c312369734f5676b387d8cea1240d65127e93585b1eba0e
e76027553f07b5a85829df4ea260a34213545288948893674a62182ed36ff295
e9406126b58566d7dac6f08a6faf0846d054a61ea45a4585ff988fe898ea2c83
eafc7665fb2f86569470bad0dbfe300d4d77cfee5eb90ec9612c31246c633e7e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093
f148410d55aab5691b885d06c8a5152cab3419f11b15ad37e775f599886cba83
f7f5d9ee8b4bbcd310b778a50a3b731a3673dddd267b2b74c707bffe7aa16d41
fc0b73aea3ac12295f433f013430669d4da590b287ed785bdad15a2210e011ac
fdb53f28a8f90511c96480ca58b5e0310f0d3eab94766058a40f772b6a0e610a
fde9ce634d1adae8c8904c20ec081d22a4c93626f15e5844a9d0398e03598933
ff99762ffbd0263fbb63faebced748d563075463b65b945bb5af76b6ee0ea01b
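As the note at the top of the Indicators section says, nothing here is malicious by itself, and some of the listed hashes cannot identify anything at all. The scan records e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 for the data.schemaapp.com XHR that came back with content-length 0 ("Error from cloudfront"); that value is the SHA-256 of zero bytes, and the ETag on the same response, d41d8cd98f00b204e9800998ecf8427e, is the MD5 of zero bytes. Three further hashes belong to data: URIs, resources embedded in the page rather than fetched over the network, and one of them (ef1955ae...) is also the hash of the 42-byte www.google.de tracking GIF. The script below is an added example (not urlscan's code) that triages a hash list with those facts in mind before it goes into a blocklist; the sample inputs are copied from this scan, the labels are my own.

```python
import hashlib

# Constructed from this scan: a handful of the SHA-256 resource hashes
# listed under Indicators, plus one deliberately malformed entry.
SCAN_HASHES = [
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629",
    "a7ca96b22479c628500ee3ee8b3867107740f7ec81aa2fd9a2e0b5a9d7135372",
    "6e1c5dc459a0137fe18bdee10bb674b7549e9493ed62a1a082b79808a3ea5dae",
    "not-a-hash",
]

# Constructed from this scan: the hashes the report attributes to data: URIs,
# i.e. inline resources the browser never fetched over the network.
DATA_URI_HASHES = {
    "ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629",
    "ce37d604571d19252b9b236a8d0380f9f6938e47914ab91dac33c96f83cb8b3c",
    "be94a4a2fdaf3247c7ce8db85f402ad65bf03f15c048b3ac75a73e3367da8c36",
}

# The ETag the empty (content-length 0) data.schemaapp.com XHR came back with.
SCAN_ETAG = '"d41d8cd98f00b204e9800998ecf8427e"'

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
HEX = set("0123456789abcdef")


def classify(h: str, data_uri_hashes=DATA_URI_HASHES) -> str:
    """Label one hash: invalid, empty-body, inline-data-uri or candidate."""
    h = h.strip().lower()
    if len(h) != 64 or set(h) - HEX:
        return "invalid"
    if h == EMPTY_SHA256:
        return "empty-body"       # hash of zero bytes, matches every empty response
    if h in data_uri_hashes:
        return "inline-data-uri"  # embedded in the page, no network fetch to match
    return "candidate"


def etag_is_empty_md5(etag: str) -> bool:
    """S3-style ETags are the MD5 of the object; this one is the MD5 of nothing."""
    return etag.strip().strip('"').lower() == EMPTY_MD5


def usable_indicators(hashes) -> list:
    """Keep only hashes that could plausibly identify a specific fetched file."""
    return [h.strip().lower() for h in hashes if classify(h) == "candidate"]


if __name__ == "__main__":
    for h in SCAN_HASHES:
        print(classify(h), h)
    print("schemaapp ETag is MD5 of empty body:", etag_is_empty_md5(SCAN_ETAG))
```

Of the four real hashes in the sample, only the schemaapp JSON document and the execute-api response survive as candidates. The empty-body hash would match every zero-length response on the internet, and a data: URI hash can be shared by any page that embeds the same bytes, so neither is worth a detection rule on its own.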