threatvector.cylance.com Open in urlscan Pro
54.148.87.203 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Submission: On September 30 via api (September 30th 2019, 9:37:06 pm UTC) from CH

Summary HTTP 116 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 39 IPs in 7 countries across 41 domains to perform 116 HTTP transactions. The main IP is 54.148.87.203, located in Boardman, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is threatvector.cylance.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on June 12th 2019. Valid for: a year.

This is the only time threatvector.cylance.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	54.148.87.203 54.148.87.203	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
11	2.18.232.23 2.18.232.23	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
2	104.16.96.80 104.16.96.80	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	151.139.237.11 151.139.237.11	33438 (HIGHWINDS2) (HIGHWINDS2 - Highwinds Network Group)
12	2a02:26f0:6c0... 2a02:26f0:6c00:28b::9b6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	108.128.26.6 108.128.26.6	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
4	2a00:1450:400... 2a00:1450:4001:825::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
2	184.31.84.223 184.31.84.223	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:815::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1	192.28.147.68 192.28.147.68	53580 (MARKETO) (MARKETO - MARKETO)
1	2a00:1450:400... 2a00:1450:4001:81e::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
5	93.184.220.178 93.184.220.178	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
2	2a02:26f0:6c0... 2a02:26f0:6c00:28c::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 3	172.217.22.66 172.217.22.66	15169 (GOOGLE) (GOOGLE - Google LLC)
1	143.204.214.125 143.204.214.125	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	52.222.157.128 52.222.157.128	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	52.211.150.253 52.211.150.253	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	143.204.214.57 143.204.214.57	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:81d::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1 3	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:400c:c06::9b	15169 (GOOGLE) (GOOGLE - Google LLC)
1	52.49.100.189 52.49.100.189	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	2620:119:50e6... 2620:119:50e6:101::6cae:b05	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1 1	2620:119:50e4... 2620:119:50e4:101::6cae:b51	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
4	2.18.233.40 2.18.233.40	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
15 19	54.247.188.17 54.247.188.17	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
2 2	52.29.20.136 52.29.20.136	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	52.29.22.127 52.29.22.127	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	69.173.144.136 69.173.144.136	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
1 3	151.101.14.2 151.101.14.2	54113 (FASTLY) (FASTLY - Fastly)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
2 2	2a00:1288:110... 2a00:1288:110:833::4000	34010 (YAHOO-IRD) (YAHOO-IRD)
1 2	52.29.202.222 52.29.202.222	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 2	18.196.219.117 18.196.219.117	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	37.252.173.38 37.252.173.38	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1	35.190.72.21 35.190.72.21	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
116	39

29 54.148.87.203 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-148-87-203.us-west-2.compute.amazonaws.com

threatvector.cylance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2.18.232.23 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-23.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.96.80 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

app-sj16.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.139.237.11 (Dallas, United States)

ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US)

cdn.rawgit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a02:26f0:6c00:28b::9b6 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

s7d2.scene7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.128.26.6 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-108-128-26-6.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cylance.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.31.84.223 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-84-223.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE - Adobe Systems Inc., US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.147.68 (United States)

ASN53580 (MARKETO - MARKETO, Inc., US)

524-dom-989.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 93.184.220.178 (London, United Kingdom)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:28c::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.22.66 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s17-in-f66.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.214.125 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-214-125.fra53.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.157.128 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-157-128.fra53.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.211.150.253 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-211-150-253.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.214.57 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-214-57.fra53.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9b (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.100.189 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-49-100-189.eu-west-1.compute.amazonaws.com

cylance.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:119:50e6:101::6cae:b05 (United States) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:119:50e4:101::6cae:b51 (United States) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.233.40 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-40.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 54.247.188.17 (Dublin, Ireland) 15 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-247-188-17.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.20.136 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-29-20-136.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.22.127 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-29-22-127.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.234.21 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.136 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.14.2 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY - Fastly, US)

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:110:833::4000 (United Kingdom) 2 redirects

ASN34010 (YAHOO-IRD, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.202.222 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-29-202-222.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.219.117 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-196-219-117.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.173.38 (Ascension Island)

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.72.21 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 21.72.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.120.147 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 147.120.95.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	cylance.com threatvector.cylance.com	453 KB
23	adroll.com 15 redirects s.adroll.com d.adroll.com	27 KB
12	scene7.com s7d2.scene7.com	187 KB
11	adobedtm.com assets.adobedtm.com	65 KB
5	bizible.com cdn.bizible.com	34 KB
4	yahoo.com 3 redirects ups.analytics.yahoo.com ads.yahoo.com	2 KB
4	doubleclick.net 2 redirects googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net	3 KB
4	gstatic.com fonts.gstatic.com	49 KB
3	facebook.net connect.facebook.net	121 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	2 KB
3	google.de www.google.de	375 B
3	google.com 1 redirects www.google.com	458 B
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	demdex.net dpm.demdex.net cylance.demdex.net	2 KB
2	openx.net 1 redirects us-u.openx.net	480 B
2	bidswitch.net 1 redirects x.bidswitch.net	909 B
2	3lift.com 1 redirects eb2.3lift.com	694 B
2	outbrain.com 1 redirects sync.outbrain.com	699 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	advertising.com 2 redirects pixel.advertising.com	721 B
2	bidr.io 2 redirects match.prod.bidr.io	752 B
2	googleadservices.com www.googleadservices.com	19 KB
2	licdn.com snap.licdn.com	6 KB
2	bing.com bat.bing.com	8 KB
2	marketo.net munchkin.marketo.net	6 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	rawgit.com cdn.rawgit.com	5 KB
2	marketo.com app-sj16.marketo.com	58 KB
1	facebook.com www.facebook.com	319 B
1	rlcdn.com idsync.rlcdn.com	40 B
1	adnxs.com ib.adnxs.com	875 B
1	taboola.com trc.taboola.com	262 B
1	pubmatic.com simage2.pubmatic.com	863 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	omtrdc.net cylance.sc.omtrdc.net	393 B
1	demandbase.com tag.demandbase.com	15 KB
1	ytimg.com s.ytimg.com	9 KB
1	mktoresp.com 524-dom-989.mktoresp.com	303 B
1	everesttech.net 1 redirects cm.everesttech.net	527 B
1	youtube.com www.youtube.com	1 KB
1	googleapis.com fonts.googleapis.com	558 B
116	41

	Domain	Requested by
29	threatvector.cylance.com	threatvector.cylance.com www.google-analytics.com
19	d.adroll.com	15 redirects threatvector.cylance.com
12	s7d2.scene7.com	threatvector.cylance.com
11	assets.adobedtm.com	threatvector.cylance.com
5	cdn.bizible.com	threatvector.cylance.com cdn.bizible.com
4	s.adroll.com	threatvector.cylance.com
4	fonts.gstatic.com	app-sj16.marketo.com threatvector.cylance.com
3	connect.facebook.net	s.adroll.com connect.facebook.net
3	www.google.de	threatvector.cylance.com
3	www.google.com	1 redirects threatvector.cylance.com
2	us-u.openx.net	1 redirects
2	x.bidswitch.net	1 redirects
2	eb2.3lift.com	1 redirects
2	ads.yahoo.com	2 redirects
2	sync.outbrain.com	1 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	ups.analytics.yahoo.com	1 redirects
2	pixel.advertising.com	2 redirects
2	px.ads.linkedin.com	1 redirects
2	googleads.g.doubleclick.net	threatvector.cylance.com
2	segments.company-target.com	1 redirects threatvector.cylance.com
2	match.prod.bidr.io	2 redirects
2	www.googleadservices.com	threatvector.cylance.com assets.adobedtm.com
2	snap.licdn.com	threatvector.cylance.com snap.licdn.com
2	bat.bing.com	threatvector.cylance.com
2	munchkin.marketo.net	threatvector.cylance.com munchkin.marketo.net
2	www.google-analytics.com	1 redirects threatvector.cylance.com
2	dpm.demdex.net	threatvector.cylance.com
2	cdn.rawgit.com	threatvector.cylance.com
2	app-sj16.marketo.com	threatvector.cylance.com app-sj16.marketo.com
1	www.facebook.com
1	cm.g.doubleclick.net	1 redirects
1	idsync.rlcdn.com
1	ib.adnxs.com
1	trc.taboola.com
1	simage2.pubmatic.com
1	pixel.rubiconproject.com
1	www.linkedin.com	1 redirects
1	cylance.sc.omtrdc.net	threatvector.cylance.com
1	stats.g.doubleclick.net	1 redirects
1	api.company-target.com	threatvector.cylance.com
1	tag.demandbase.com	threatvector.cylance.com
1	s.ytimg.com	www.youtube.com
1	524-dom-989.mktoresp.com	threatvector.cylance.com
1	cm.everesttech.net	1 redirects
1	cylance.demdex.net	threatvector.cylance.com
1	www.youtube.com	threatvector.cylance.com
1	fonts.googleapis.com	threatvector.cylance.com
116	48

This site contains links to these domains. Also see Links.

Domain
www.cylance.com
www.facebook.com
www.youtube.com
twitter.com
www.linkedin.com
shop.cylance.com

Subject Issuer	Validity	Valid
*.cylance.com DigiCert SHA2 Secure Server CA	`2019-06-12` - `2020-09-18`	a year	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2019-06-27` - `2021-07-01`	2 years	crt.sh
*.googleapis.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
app-sj16.marketo.com CloudFlare Inc ECC CA-2	`2019-02-22` - `2020-02-22`	a year	crt.sh
rawgit.com COMODO RSA Domain Validation Secure Server CA	`2018-12-29` - `2020-01-13`	a year	crt.sh
*.scene7.com DigiCert SHA2 Secure Server CA	`2019-01-02` - `2020-03-02`	a year	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2018-12-24` - `2020-03-24`	a year	crt.sh
*.mktoresp.com GeoTrust RSA CA 2018	`2018-02-05` - `2020-02-05`	2 years	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
cdn.bizible.com Go Daddy Secure Certificate Authority - G2	`2019-03-14` - `2021-04-13`	2 years	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
www.googleadservices.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
www.google.com GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
www.google.de GTS CA 1O1	`2019-09-05` - `2019-11-28`	3 months	crt.sh
*.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2019-04-23` - `2020-04-14`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2019-05-29` - `2021-06-29`	2 years	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2018-12-19` - `2020-03-19`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-08-24` - `2019-10-19`	2 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2019-05-08` - `2019-11-04`	6 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2019-07-17` - `2020-03-09`	8 months	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
f2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-07-30` - `2020-07-25`	a year	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.3lift.com Amazon	`2019-07-17` - `2020-08-17`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2019-04-17` - `2020-05-04`	a year	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-04-24` - `2020-04-23`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh

This page contains 2 frames:

Primary Page: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Frame ID: DA3DCD5B35FF2FCF52568B1314AD4007
Requests: 115 HTTP requests in this frame

Frame: https://cylance.demdex.net/dest5.html?d_nsid=0
Frame ID: A2E0134C6651EECD449B9159C50D5699
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

script /\/etc.clientlibs\//i

Java (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

script /\/etc.clientlibs\//i

ZURB Foundation (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+foundation[^>"]+css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i

Adobe DTM (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

script /\/\/assets.adobedtm.com\//i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

script /munchkin\.marketo\.net\/munchkin\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

116
Requests

100 %
HTTPS

38 %
IPv6

41
Domains

48
Subdomains

39
IPs

7
Countries

1081 kB
Transfer

3091 kB
Size

3
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cylance.com/en-us/company/about-us/privacy-notice.html
Title: Read More

Search URL Search Domain Scan URL

URL: https://www.cylance.com/
Title: Cylance.com

Search URL Search Domain Scan URL

URL: https://www.facebook.com/CylanceInc

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/CylanceInc

Search URL Search Domain Scan URL

URL: https://twitter.com/cylanceinc

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cylanceinc

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/about-us/index.html
Title: Who We Are

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/resources/knowledge-center/index.html
Title: Resource Center

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/news-and-press/news.html
Title: Cylance News

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/news-and-press/press-releases.html
Title: Press Releases

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/company/about-us/terms-of-service.html
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/platform/products/index.html
Title: CylancePROTECT

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en_us/products/our-products/optics.html
Title: CylanceOPTICS

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/platform/products/cylance-threatzero.html
Title: Cylance ThreatZERO

Search URL Search Domain Scan URL

URL: https://shop.cylance.com/us
Title: Cylance Smart Antivirus

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en_us/services/left-structure-nav/overview/consulting.html
Title: Consulting Overview

Search URL Search Domain Scan URL

URL: https://www.cylance.com/en-us/solutions/industry/index.html
Title: Industry Overview

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52

https://cm.everesttech.net/cm/dd?d_uuid=49212016190433715853136881157866617730 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XZJ1awAAFWXBWBN_

Request Chain 71

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AAaR7U67JOsAABXxn-I0uw HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAaR7U67JOsAABXxn-I0uw&verifyHash=ab3c747c771da7bbc952a1217c4f2eb6d644075e

Request Chain 79

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=831374643&t=pageview&_s=1&dl=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&ul=en-us&de=UTF-8&dt=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=KHBAAAAB~&jid=1875270207&gjid=1852002337&cid=1924579897.1569879403&tid=UA-33464378-1&_gid=1525153272.1569879403&_r=1&z=345379810 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-33464378-1&cid=1924579897.1569879403&jid=1875270207&_gid=1525153272.1569879403&gjid=1852002337&_v=j79&z=345379810 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1924579897.1569879403&jid=1875270207&_v=j79&z=345379810 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1924579897.1569879403&jid=1875270207&_v=j79&z=345379810&slf_rd=1&random=3744682400

Request Chain 87

https://px.ads.linkedin.com/collect/?time=1569879410071&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&fmt=js&s=1 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1569879410071%26pid%3D37262%26url%3Dhttps%253A%252F%252Fthreatvector.cylance.com%252Fen_us%252Fhome%252Finside-the-apt28-dll-backdoor-blitz.html%26fmt%3Djs%26s%3D1%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect/?time=1569879410071&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&fmt=js&s=1&liSync=true

Request Chain 95

https://d.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&pv=73743644275.1263&cookie=&adroll_s_ref=&keyw=&arrfrr=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html HTTP 302
https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/BMNOXKZHPFHPDK7ZYEXFSC.js

Request Chain 98

https://d.adroll.com/cm/aol/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP6974c58e-e3ca-11e9-a38e-062dcfc35558 HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP6974c58e-e3ca-11e9-a38e-062dcfc35558&verify=true

Request Chain 99

https://d.adroll.com/cm/index/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&expiration=1601415410 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&expiration=1601415410&C=1

Request Chain 100

https://d.adroll.com/cm/n/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&expires=365

Request Chain 101

https://d.adroll.com/cm/outbrain/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&rdrctExp=true

Request Chain 102

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 103

https://d.adroll.com/cm/r/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 104

https://d.adroll.com/cm/taboola/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM

Request Chain 105

https://d.adroll.com/cm/triplelift/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&dongle=c85e&gdpr=1&cmp_cs=

Request Chain 106

https://d.adroll.com/cm/r/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 107

https://d.adroll.com/cm/b/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM

Request Chain 108

https://d.adroll.com/cm/x/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM

Request Chain 109

https://d.adroll.com/cm/l/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=dc1c91619b86ae8691ce2d869c1bd5ec

Request Chain 110

https://d.adroll.com/cm/o/out?advertisable=OU3SUNRJWBHPTCY5X23OHE HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=dc1c91619b86ae8691ce2d869c1bd5ec HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=dc1c91619b86ae8691ce2d869c1bd5ec

Request Chain 111

https://d.adroll.com/cm/g/out?advertisable=OU3SUNRJWBHPTCY5X23OHE&google_nid=adroll5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=3ByRYZuGroaRzi2GnBvV7A HTTP 302
https://d.adroll.com/cm/g/in

116 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set inside-the-apt28-dll-backdoor-blitz.html Show response
threatvector.cylance.com/en_us/home/ 71 KB
19 KB 1035ms
528ms Document
text/html 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

b1756b96e3bd84287ee83fefd065c0357f1a90e510c089d244c09dccdd8c4648

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: threatvector.cylance.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

Accept-Ranges: bytes
Cache-control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Type: text/html;charset=utf-8
Date: Mon, 30 Sep 2019 21:36:42 GMT
ETag: W/"11ba5-593cc081cbe82-gzip"
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Last-Modified: Mon, 30 Sep 2019 21:36:42 GMT
Referrer-Policy: no-referrer-when-downgrade
Server: Apache
Set-Cookie: AWSELB=4D0BDD9F0A163D48ECFEF400CB706ACF82CD0195C8D5AF0B639C0FF52381F196F79B59DABDA65005DB13B5CC961C67EC4A82E113711D6D70A536F9B759B0F5D706ABCD580A;PATH=/;MAX-AGE=900
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 18623
Connection: keep-alive

GET
H/1.1 200
OK main.731db1757391070f3ea2ead82acaf408.css
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 12 KB
3 KB 162ms
161ms Stylesheet
text/css 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/main.731db1757391070f3ea2ead82acaf408.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

d4e42e78d5938248bc7eeac03bfacee8cd2a392daa3885637a7899ca4fb30e3c

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "2eda-591e577dc0700-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 2403
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:08 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:42 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK jquery.5e8d3382f82b03b0bf3fea3024eecd61.js Show response
threatvector.cylance.com/etc.clientlibs/clientlibs/granite/ 288 KB
87 KB 652ms
332ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery.5e8d3382f82b03b0bf3fea3024eecd61.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

45e2f85e3aab6c36988703f5cc06444289bb795a25736b74975073c98de18498

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "47f04-591e577eb4940-gzip"
transfer-encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:42 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK utils.7a49486e1c734bd5d7fd0c1c68c83d9b.js Show response
threatvector.cylance.com/etc.clientlibs/clientlibs/granite/ 47 KB
11 KB 484ms
163ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/utils.7a49486e1c734bd5d7fd0c1c68c83d9b.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

e35896fcd15b2238b1b5e2d4fbbd2b287f57dbbded51ab1a2217c38ce6a51d2f

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "bcc7-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 10676
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:42 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK granite.ed0d934d509c9dab702088c125c92b4f.js Show response
threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/ 10 KB
4 KB 488ms
164ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

fe7b1fa106b52fd3b7a72421171503eee8ec0c911d495be3ce168f76ed7cc8b1

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "28d6-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 2974
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:42 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK jquery.26df26a88f9f71ceabb6a15e7cb9c550.js Show response
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 471 B
1 KB 488ms
161ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/jquery.26df26a88f9f71ceabb6a15e7cb9c550.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

2afa0193eebc6dcba6256c02ba126cd809b278a8c271ba1344af1d54520fb173

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "1d7-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 316
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:42 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK shared.06a50b23d97647c86982b7801a20508a.js Show response
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 98 KB
19 KB 785ms
315ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/shared.06a50b23d97647c86982b7801a20508a.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

1cac386a226657759d39c04b26768f03915090f0f1a5b4e6ca815d7478228159

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "18868-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 18634
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK main.e2198d73b3e90f0b787085da720eb46e.js Show response
threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/ 22 KB
7 KB 645ms
162ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc.clientlibs/foundation/clientlibs/main.e2198d73b3e90f0b787085da720eb46e.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

f6281f4fc0c8b4cd0ecb0cf382c080d9e5f01b58c816d5f071969f3734465fc6

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "5963-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 6275
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK cylance-blogs.css
threatvector.cylance.com/etc/designs/ 0
756 B 325ms
165ms Stylesheet
text/css 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/designs/cylance-blogs.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Oct 2017 04:24:09 GMT
Server: Apache
Date: Mon, 30 Sep 2019 21:36:42 GMT
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Vary: User-Agent
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK main.d6fc6f0b35c968dde40b02af38f21447.css
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 154 KB
26 KB 628ms
318ms Stylesheet
text/css 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

ce11c18967ab30115878af2f6c6dc88fce05dbda48df9cea5a7abf9fb311ef5f

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "2685c-591e577eb4940-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 25287
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:42 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK dependencies.d41d8cd98f00b204e9800998ecf8427e.css
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 0
774 B 467ms
157ms Stylesheet
text/css 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/dependencies.d41d8cd98f00b204e9800998ecf8427e.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
ETag: "0-591e577eb4940"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 0
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:42 GMT
Vary: User-Agent
Content-Type: text/css;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H2 200 launch-EN9a198e584a4641e5a638d027ddddb3cf.min.js Show response
assets.adobedtm.com/ 149 KB
46 KB 27ms
13ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN9a198e584a4641e5a638d027ddddb3cf.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7fbbeba68616ec3cd21955086a765a1c74d81b3f2772babba4f8f9719adb2d5c

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:42 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: Apache
etag: "5aebb26c4d05b067a5277a6a715dfbac:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 30 Sep 2019 22:36:42 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
558 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:806::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

e85d93603219c7af97e29b183b6f22d04991b9b01c4a79ae824e62ea7aa809b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 30 Sep 2019 21:36:42 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Mon, 30 Sep 2019 21:36:42 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 30 Sep 2019 21:36:42 GMT

GET
H2 200 forms2.min.js Show response
app-sj16.marketo.com/js/forms2/js/ 169 KB
58 KB 138ms
17ms Script
application/x-javascript 104.16.96.80
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj16.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.96.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

321bbcc4cc57483b7e329186e5159498b668ddde87cb64696ddcdc95176cce82

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Wed, 07 Aug 2019 18:10:53 GMT
server: cloudflare
age: 3718
etag: "a7324-2a536-58f8adc9ba540"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=14400
cf-ray: 51e9557a9bb2c26d-FRA
expires: Tue, 01 Oct 2019 01:36:42 GMT

GET
H2 200 featherlight.min.css
cdn.rawgit.com/noelboss/featherlight/1.7.9/release/ 2 KB
1 KB 20ms
5ms Stylesheet
text/css 151.139.237.11
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.rawgit.com/noelboss/featherlight/1.7.9/release/featherlight.min.css

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.139.237.11 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),

Reverse DNS

Software

NetDNA-cache/2.2 /

Resource Hash

96904bcac47ca5d98b664970580ea473e1e6a6b285c87e8cb3caa2f1928e7219

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: NetDNA-cache/2.2
status: 200
etag: W/"817cdef4a8ec3dc545361453f69e4209a3c4d809"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315569000, immutable
strict-transport-security: max-age=31536000; preload
x-robots-tag: none
rawgit-cache-status: HIT

GET
H2 200 fig1-apt28-dll
s7d2.scene7.com/is/image/cylance/ 3 KB
3 KB 21ms
6ms Image
image/jpeg 2a02:26f0:6c00:28b::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig1-apt28-dll?&wid=115&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28b::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 724e680010b9d1ee1b0f0db1e6099c7db6b5229be91cf5b75533de3c5b8c7d1c

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:42 GMT
last-modified: Thu, 22 Aug 2019 16:04:52 GMT
server: Unknown
etag: "bc745cb9afe22dd564e810ffa2dd3eeb"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 3192
expires: Mon, 30 Sep 2019 17:52:50 GMT

GET
H2 200 fig2-apt28-dll
s7d2.scene7.com/is/image/cylance/ 19 KB
19 KB 14ms
12ms Image
image/jpeg 2a02:26f0:6c00:28b::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig2-apt28-dll?&wid=588&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28b::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: b8b5683eb4fcbc82d4c540136efe3ee0ded7371ff2cf7f8c785843e9c861aec0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
last-modified: Thu, 22 Aug 2019 16:01:18 GMT
server: Unknown
etag: "53a933e275b4a42c8e43dc66b0d85c5a"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 18974
expires: Mon, 30 Sep 2019 17:52:50 GMT

GET
H2 200 fig3xx-apt28-dll
s7d2.scene7.com/is/image/cylance/ 5 KB
5 KB 9ms
7ms Image
image/jpeg 2a02:26f0:6c00:28b::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig3xx-apt28-dll?&wid=384&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28b::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: cff371c01c3befd5a6c96bc1af3c55158b6007e6223244fc245247e94f42cfb4

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
last-modified: Thu, 22 Aug 2019 16:01:58 GMT
server: Unknown
etag: "45c5b7327f8304bc7aff20debfedb069"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 5091
expires: Tue, 01 Oct 2019 03:50:23 GMT

GET
H2 200 fig5-apt28-dll
s7d2.scene7.com/is/image/cylance/ 41 KB
41 KB 14ms
12ms Image
image/jpeg 2a02:26f0:6c00:28b::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig5-apt28-dll?&wid=824&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28b::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 0ab842476f3437f398ceeaeca957b0abf23d78d307ec16518ad12ea6781ca9e6

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
last-modified: Thu, 22 Aug 2019 16:03:09 GMT
server: Unknown
etag: "ac7445e6a4884d86ac89f51183bb2195"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 41888
expires: Tue, 01 Oct 2019 03:50:23 GMT

GET
H2 200 fig6-apt28-dll
s7d2.scene7.com/is/image/cylance/ 24 KB
24 KB 9ms
7ms Image
image/jpeg 2a02:26f0:6c00:28b::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/fig6-apt28-dll?&wid=639&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28b::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 287450a4f4a05b901d7b7b5df6252640aec13825c1059905a79c369e4f97ec23

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
last-modified: Thu, 22 Aug 2019 22:10:27 GMT
server: Unknown
etag: "ddf9f5bfae4422dfddddc5ec17223ff8"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 24694
expires: Tue, 01 Oct 2019 03:50:23 GMT

GET
H/1.1 200
OK author_thumbnail_default.jpg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/placeholder/ 2 KB
3 KB 158ms
157ms Image
image/jpeg 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/placeholder/author_thumbnail_default.jpg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

2d9245daf2dcc8739b68091fc3afea1e48c3add85f07d57e551a2ab7a714853e

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 30 Sep 2019 21:36:43 GMT
Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:09:24 GMT
Server: Apache
ETag: "8d7-591e57ff73900"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Accept-Ranges: bytes
Content-Length: 2263
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Cylance_BB_Logo_RGB_Horz_Black.png
threatvector.cylance.com/content/dam/cylance-blog/en_us/logos/ 19 KB
19 KB 163ms
162ms Image
image/png 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/content/dam/cylance-blog/en_us/logos/Cylance_BB_Logo_RGB_Horz_Black.png

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

eb2deec7e5394e29e51ff83e920f1ce3c092ae5c63b711a4b755b9861a8bc6cd

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
ETag: "4aaf-591e577fa8b80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-XSS-Protection: 1; mode=block
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Accept-Ranges: bytes
Content-Length: 19119
Date: Mon, 30 Sep 2019 21:36:43 GMT

GET
H/1.1 200
OK dependencies.a089e038f1a299472aab3599efb8d481.js Show response
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 668 KB
158 KB 175ms
174ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/dependencies.a089e038f1a299472aab3599efb8d481.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

adc2c8e679ffd8f0cbc9270749db4f687b9201280b2913c2817f230584ea4e1d

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "a70c1-591e577eb4940-gzip"
transfer-encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:09 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK main.97c9aac6ee7df8531607278a78c5c231.js Show response
threatvector.cylance.com/etc/clientlibs/cylance-blogs/ 236 KB
63 KB 174ms
174ms Script
application/javascript 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.97c9aac6ee7df8531607278a78c5c231.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

1017b2b6551aca43896313770d3c3041d58cee227ce35861c60ef0a10dc38c64

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "3b09d-591e577fa8b80-gzip"
transfer-encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript;charset=utf-8
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H2 200 featherlight.min.js Show response
cdn.rawgit.com/noelboss/featherlight/1.7.9/release/ 9 KB
4 KB 7ms
5ms Script
application/javascript 151.139.237.11
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.rawgit.com/noelboss/featherlight/1.7.9/release/featherlight.min.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.139.237.11 Dallas, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),

Reverse DNS

Software

NetDNA-cache/2.2 /

Resource Hash

0e41a843709f19f5327078ad0e4fca7ff8485d280f2458c15b555957a0e646cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: NetDNA-cache/2.2
status: 200
etag: W/"2f5a26ba5509a7f0235bf1f53ed375289bfc91bd"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315569000, immutable
strict-transport-security: max-age=31536000; preload
x-robots-tag: none
rawgit-cache-status: HIT

GET
H/1.1 200
OK token.json Show response
threatvector.cylance.com/libs/granite/csrf/ 2 B
763 B 167ms
167ms XHR
application/json 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://threatvector.cylance.com/libs/granite/csrf/token.json

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Server: Apache
Date: Mon, 30 Sep 2019 21:36:43 GMT
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Connection: keep-alive
Content-Type: application/json;charset=iso-8859-1
Cache-Control: no-cache
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Vary: User-Agent
Content-Length: 2
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 366 B
1 KB 110ms
31ms XHR
application/json 108.128.26.6
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dpm.demdex.net/id?d_visid_ver=4.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=2297E09A576BB9677F000101%40AdobeOrg&d_nsid=0&ts=1569879403381
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.26.6 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-108-128-26-6.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: f420be242c42905ac383d92dabea6b7682bb261ed7266f1a206cdef16f960da6

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v044-06ce3fb69.edge-irl1.demdex.com 5.59.0.20190904135845 3ms (+1ms)
Pragma: no-cache
Content-Encoding: gzip
X-TID: riOX1OSSQGM=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://threatvector.cylance.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 303
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP4c3fcccffd524251ae198bf677f3b6e9/ 34 KB
13 KB 10ms
9ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP4c3fcccffd524251ae198bf677f3b6e9/AppMeasurement.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7848472b4e994bcd2cb522201f6c123b50c4b37e5aab979ac50db3244eb894d5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
content-encoding: gzip
last-modified: Mon, 15 Apr 2019 20:43:53 GMT
server: Apache
etag: "f005ac758d3bc63fa30fe4a4bd80448d:1555361033"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12786
expires: Mon, 30 Sep 2019 22:36:43 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 4245
date: Mon, 30 Sep 2019 20:25:58 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Mon, 30 Sep 2019 22:25:58 GMT

GET
H2 200 NaPecZTIAOhVxoMyOr9n_E7fdMPmDaZRbrw.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPecZTIAOhVxoMyOr9n_E7fdMPmDaZRbrw.woff2

Requested by

Host: app-sj16.marketo.com
URL: https://app-sj16.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

dd1dad45fd0dd168ad46427307aa8a206b857b783ca3afbcfe2bc8b8724acec0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 25 Aug 2019 05:51:35 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:24:34 GMT
server: sffe
age: 3167108
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 12344
x-xss-protection: 0
expires: Mon, 24 Aug 2020 05:51:35 GMT

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffGjEGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffGjEGItzY5abuWI.woff2

Requested by

Host: app-sj16.marketo.com
URL: https://app-sj16.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0e23b84d6736b1645a695282788cee2070cd3f5cd2c5c2e31ea0b44a942294c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 25 Aug 2019 05:46:59 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:18:52 GMT
server: sffe
age: 3167384
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 12524
x-xss-protection: 0
expires: Mon, 24 Aug 2020 05:46:59 GMT

GET
H/1.1 200
OK mainLogo_rgb_h_white.png
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/branding/ 10 KB
11 KB 157ms
156ms Image
image/png 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/branding/mainLogo_rgb_h_white.png

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

09bc1009eb3d9cbc800e4933a407c81b1920be72f28254baff513ee8f422f5b0

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 30 Sep 2019 21:36:43 GMT
Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
ETag: "2808-591e577fa8b80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Accept-Ranges: bytes
Content-Length: 10248
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK main_search_close.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 938 B
1 KB 244ms
163ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/main_search_close.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

9913bba300e77cd7898ce5a11558bf789fd15cb686107a10a648109117816be1

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "3aa-591e577fa8b80-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 491
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK main_search_icon.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 1 KB
1 KB 249ms
166ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/main_search_icon.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

26ae4b0eb488fa35fca8b199e05b5b5236192cf04a2fa5a91ba6c5c4d5ffc06d

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "594-591e577fa8b80-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 693
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H2 200 092819-apt28-cylance-ff3-lrg
s7d2.scene7.com/is/image/cylance/ 60 KB
60 KB 15ms
15ms Image
image/jpeg 2a02:26f0:6c00:28b::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/092819-apt28-cylance-ff3-lrg?&wid=1280&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28b::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 60591f0eed0ccbba8cff2adcd297791578089236065ec658ddbfdf9892f6a175

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
last-modified: Thu, 22 Aug 2019 23:18:01 GMT
server: Unknown
etag: "8b3cfd8c11f7e21026774c6227cd65e3"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 61075
expires: Tue, 01 Oct 2019 01:07:42 GMT

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffAzHGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffAzHGItzY5abuWI.woff2

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

f17a340f0388383e8d2a70632006d51e5d0e95f60f1cca3f774bd78b5d3dcd07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 29 Aug 2019 05:02:04 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:25:18 GMT
server: sffe
age: 2824479
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 12260
x-xss-protection: 0
expires: Fri, 28 Aug 2020 05:02:04 GMT

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzY5abuWI.woff2
fonts.gstatic.com/s/titilliumweb/v8/ 12 KB
12 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v8/NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzY5abuWI.woff2

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8658dcad983dacbb3bca7bc8217fd0b75f28df85bf9259bd0dccf69e58cb0ecd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Titillium+Web:200,300,400,600
Origin: https://threatvector.cylance.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 24 Sep 2019 11:23:44 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:25:27 GMT
server: sffe
age: 555179
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 12276
x-xss-protection: 0
expires: Wed, 23 Sep 2020 11:23:44 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 33ms
8ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 30 Sep 2019 21:36:43 GMT
Content-Encoding: gzip
Last-Modified: Fri, 05 Apr 2019 02:53:44 GMT
Server: Apache
ETag: "54520320df20b526337717d6d28181fc:1554432824"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H2 403 getForm
app-sj16.marketo.com/index.php/form/ 0
0 12ms
12ms Script
text/html 104.16.96.80
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://app-sj16.marketo.com/index.php/form/getForm?munchkinId=524-DOM-989&form=3163&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&callback=jQuery1124038123921677436257_1569879403391&_=1569879403392
Requested by: Host: app-sj16.marketo.com
URL: https://app-sj16.marketo.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.96.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 092619-understanding-privacy-lrg
s7d2.scene7.com/is/image/cylance/ 4 KB
4 KB 7ms
6ms Image
image/jpeg 2a02:26f0:6c00:28b::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/092619-understanding-privacy-lrg?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28b::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 89a3c120cd572641fb6a13d72907fceac0b838e2b8e41d8b62f604fe5510aee8

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
last-modified: Tue, 24 Sep 2019 20:06:39 GMT
server: Unknown
etag: "a6e5af82902e9e01b07d3a4605a736a4"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 3586
expires: Tue, 01 Oct 2019 06:46:35 GMT

GET
H2 200 092519-pcshare-fakenarrator-2-lrg
s7d2.scene7.com/is/image/cylance/ 7 KB
7 KB 9ms
8ms Image
image/jpeg 2a02:26f0:6c00:28b::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/092519-pcshare-fakenarrator-2-lrg?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28b::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 8b8fc55fbc2dcfe88398bedbc20cca9abc7f1c88caf69481f4ed98f126a5fb47

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
last-modified: Tue, 24 Sep 2019 20:33:42 GMT
server: Unknown
etag: "5ab4f64c10959a8cc079d0b889e7421d"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 6740
expires: Tue, 01 Oct 2019 02:34:42 GMT

GET
H2 200 092419-joe-menn-1-lrg
s7d2.scene7.com/is/image/cylance/ 5 KB
5 KB 9ms
8ms Image
image/jpeg 2a02:26f0:6c00:28b::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/092419-joe-menn-1-lrg?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28b::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: e2c6c1157ce1c3288e63b8905ebfae86fcf208e6c9886d28bfdac86e1c733065

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
last-modified: Tue, 24 Sep 2019 00:35:48 GMT
server: Unknown
etag: "b96d78429d70afae8071c08dfc1ae2a9"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 5247
expires: Tue, 01 Oct 2019 02:08:47 GMT

GET
H2 200 2019%20Cybersecurity%20Awareness%20Month%20General%20BLOG%20Image
s7d2.scene7.com/is/image/cylance/ 5 KB
5 KB 9ms
9ms Image
image/jpeg 2a02:26f0:6c00:28b::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/2019%20Cybersecurity%20Awareness%20Month%20General%20BLOG%20Image?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28b::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: dd6e22647ce2f168a4563f0f7e58299a739e769f20d4e852bc2aca006d7a5748

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
last-modified: Mon, 23 Sep 2019 02:19:29 GMT
server: Unknown
etag: "7321392886618190df66ab3a6a314afa"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 5072
expires: Sun, 29 Sep 2019 01:01:11 GMT

GET
H2 200 000-InSecurity-Podcast-LRG
s7d2.scene7.com/is/image/cylance/ 4 KB
4 KB 9ms
9ms Image
image/jpeg 2a02:26f0:6c00:28b::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/000-InSecurity-Podcast-LRG?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28b::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 62d710d9bda1dbd522c180805ec2a66d82c84ec1093813ebf39d22f04b30d871

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
last-modified: Thu, 11 Apr 2019 19:54:05 GMT
server: Unknown
etag: "dd3973310906a18966ce86729e8f6c75"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 4371
expires: Sun, 29 Sep 2019 14:00:05 GMT

GET
H2 200 091919-food-safety-ics-2-lrg
s7d2.scene7.com/is/image/cylance/ 9 KB
9 KB 13ms
13ms Image
image/jpeg 2a02:26f0:6c00:28b::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s7d2.scene7.com/is/image/cylance/091919-food-safety-ics-2-lrg?&wid=319&fit=constrain,1
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28b::9b6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Unknown /
Resource Hash: 62dc909fddeee34ab26f67b53e11230af692a42853134d565c1e9d6194675253

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
last-modified: Wed, 18 Sep 2019 18:41:38 GMT
server: Unknown
etag: "a291bf9095a6a3e60a8a47aa2bf99b90"
status: 200
content-type: image/jpeg
access-control-allow-origin: *
content-length: 9310
expires: Mon, 30 Sep 2019 21:43:25 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
1 KB 42ms
22ms Script
application/javascript 2a00:1450:4001:815::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

37520a7d4301bf54115512947334da543a8e05fd47f98f9e7064e1144f53e527

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 EST

GET
H/1.1 200
OK footer_social_icons_facebook.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 162ms
161ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_facebook.svg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

937fdd2761db8d890407be8c18e64a7f3c19ded89b4d67f5606e30a560bd63c5

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "6d1-591e577fa8b80-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 775
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_youtube.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 6 KB
3 KB 157ms
157ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_youtube.svg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

b194fd385666036162259f55563a017e78753671e0fbd3be31a272dc2b869876

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "16d2-591e577fa8b80-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 2247
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_twitter.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 157ms
157ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_twitter.svg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

af6f1a1d1ca5b44168e2d69e4e92daf576df150cc615c9e62adc6eb909a73114

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "7d3-591e577fa8b80-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 1002
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_linkedin.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 157ms
157ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_linkedin.svg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

099bace63963205abb1875d577e797bdac573989ab27a75960eafe3ccd5fa27a

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "714-591e577fa8b80-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 803
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK footer_social_icons_rss.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 161ms
161ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/footer_social_icons_rss.svg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

8235e55fa7f1c889f552c3d7415b6bfff016a82035dc5c77da7a1789a3de95e3

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main.d6fc6f0b35c968dde40b02af38f21447.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "719-591e577fa8b80-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 827
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:10 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/155/ 9 KB
4 KB 6ms
6ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/155/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 30 Sep 2019 21:36:43 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Nov 2018 03:18:20 GMT
Server: Apache
ETag: "c67dad42946949112916578f78706df8:1543547900"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3923
Expires: Wed, 08 Jan 2020 21:36:43 GMT

GET
H/1.1 200
OK Cookie set dest5.html
cylance.demdex.net/ Frame A2E0 0
0 142ms
30ms Document
text/html 108.128.26.6
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://cylance.demdex.net/dest5.html?d_nsid=0
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.26.6 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-108-128-26-6.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Host: cylance.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Accept-Encoding: gzip, deflate, br
Cookie: demdex=49212016190433715853136881157866617730
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Wed, 25 Sep 2019 09:34:36 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=49212016190433715853136881157866617730;Path=/;Domain=.demdex.net;Expires=Sat, 28-Mar-2020 21:36:43 GMT;Max-Age=15552000
Vary: Accept-Encoding, User-Agent
X-TID: ZQFYkKPCTNc=
Content-Length: 2764
Connection: keep-alive

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=XZJ1awAAFWXBWBN_
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=49212016190433715853136881157866617730
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XZJ1awAAFWXBWBN_

42 B
776 B

32ms
32ms

Image
image/gif

108.128.26.6
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XZJ1awAAFWXBWBN_
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.26.6 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-108-128-26-6.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v044-01d75cf23.edge-irl1.demdex.com 5.59.0.20190904135845 4ms (+2ms)
Pragma: no-cache
X-TID: J9J4/CuZTyI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Mon, 30 Sep 2019 21:36:42 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XZJ1awAAFWXBWBN_
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H/1.1 200
OK visitWebPage Show response
524-dom-989.mktoresp.com/webevents/ 2 B
303 B 716ms
159ms XHR
text/plain 192.28.147.68
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL: https://524-dom-989.mktoresp.com/webevents/visitWebPage?_mchNc=1569879403500&_mchCn=&_mchId=524-DOM-989&_mchTk=_mch-cylance.com-1569879403500-89733&_mchHo=threatvector.cylance.com&_mchPo=&_mchRu=%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&_mchPc=https%3A&_mchVr=155&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.147.68 , United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
Software: akka-http/10.1.7 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 30 Sep 2019 21:36:44 GMT
Content-Encoding: gzip
Server: akka-http/10.1.7
Transfer-Encoding: chunked
X-Request-Id: bd576596-4cf2-4ae2-b8d9-17152d6c9ef5
Content-Type: text/plain; charset=UTF-8

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflDuDH0c/ 23 KB
9 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflDuDH0c/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5594aad46162a604f53718c6eec2c9824317dddd03dab69822549cd36e5789dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 02:08:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70075
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8703
x-xss-protection: 0
last-modified: Fri, 27 Sep 2019 21:58:12 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Tue, 08 Oct 2019 02:08:48 GMT

GET
H2 200 RC03553916c50b4787a671e14ccf605715-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 695 B
645 B 6ms
6ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC03553916c50b4787a671e14ccf605715-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1a7103ddeebf3a313febafe1aba08a1cec143c98a7b6e51cacbf8893093efaa2

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: Apache
etag: "d9f372492adb73ae3b7bff0cf0a90587:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 412
expires: Mon, 30 Sep 2019 22:36:43 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 23 KB
7 KB 76ms
46ms Script
application/javascript 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
content-encoding: gzip
last-modified: Tue, 10 Sep 2019 18:57:28 GMT
x-msedge-ref: Ref A: DF7B160DF0CC43BC8190133AA154B001 Ref B: VIEEDGE0908 Ref C: 2019-09-30T21:36:43Z
status: 200
etag: "09c5197968d51:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7148

GET
H2 200 RCcd4cfcbe6a2644318ee9f8727d5e7eb8-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 1 KB
775 B 7ms
6ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCcd4cfcbe6a2644318ee9f8727d5e7eb8-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 93a431303f6163e1a1b17d0fe9ac4edb2b042333aec637187fa92f9ed1050ae8

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: Apache
etag: "eababff33cad8c9e414fb875be462778:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 541
expires: Mon, 30 Sep 2019 22:36:43 GMT

GET
H2 200 RCf28b419b6ee84d7a88134d7176e20bb3-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 1 KB
899 B 7ms
6ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCf28b419b6ee84d7a88134d7176e20bb3-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: fe884e48d8d2602152678463aa5ac92bb7bd73b357851406aebcc046ab1d8b9f

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: Apache
etag: "6d94ea62691631fbad7ebecdcc6e04c3:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 666
expires: Mon, 30 Sep 2019 22:36:43 GMT

GET
H2 200 RCe330e30c9b774f238563c2f0317b145b-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 654 B
624 B 7ms
7ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCe330e30c9b774f238563c2f0317b145b-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: f419df72131b2e7ec36c56950099c5c8f88e3e8ba7de2438b0484d0786e56200

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:24 GMT
server: Apache
etag: "cba2baa21d2761515a7b772732db4812:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 391
expires: Mon, 30 Sep 2019 22:36:43 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 85 KB
32 KB 1963ms
1944ms Script
application/x-javascript 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js?account=cylance.com
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40B4) / ASP.NET
Resource Hash: 304bfe9eb3f7bd61580b2a74331e32e2c5bb918afa808dc35f01f32f2e693510

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:45 GMT
content-encoding: gzip
etag: "a42384f46472d51:0"
last-modified: Mon, 23 Sep 2019 23:16:40 GMT
server: ECS (fcn/40B4)
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
accept-ranges: bytes
content-length: 33061

GET
H/1.1 200
OK share_bar_icon_linkedin.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 286ms
161ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_linkedin.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

c6e538e6a9213d8d6cb6a1f3b7c03e5a06d68ff25ec57e6eb5b4868289464de0

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "809-591e578c0e8c0-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 876
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:23 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_twitter.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 158ms
157ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_twitter.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

7b86ac9779af83777789a7fc81940793f77b5bd3ff3d36ac8e925fccf656247a

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "8c8-591e578c0e8c0-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 1062
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:23 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_google.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 165ms
161ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_google.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

66de82969f617c85184ad351d55501233e538e7f54caa684368c8a155053874d

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "829-591e578c0e8c0-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 867
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:23 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_facebook.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 2 KB
2 KB 278ms
161ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_facebook.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

fe08d074a32f7c481cc425d22cdd787137feea90578e0b10556cebeefcfa3040

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "771-591e578c0e8c0-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 796
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:23 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK share_bar_icon_email.svg
threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/ 1 KB
1 KB 283ms
163ms Image
image/svg+xml 54.148.87.203
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://threatvector.cylance.com/etc/clientlibs/cylance-blogs/main/images/icons/share_bar_icon_email.svg

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.148.87.203 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-148-87-203.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

87f55f0eb8ca3828f1f3c43da32e71933463b639ff59c86fab549600912ac687

Security Headers

Name	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy: font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Content-Encoding: gzip
ETag: "49c-591e578c0e8c0-gzip"
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 682
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Fri, 06 Sep 2019 17:07:23 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Date: Mon, 30 Sep 2019 21:36:43 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: image/svg+xml
Connection: keep-alive
Feature-Policy: geolocation 'none';midi 'none';sync-xhr *;microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker *;fullscreen *;payment 'none';
Accept-Ranges: bytes
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 944 B
753 B 7ms
7ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 34d46b50dff8e2640fc5a4ff05dbe0eaee6070796e21c1cef4428b64790408dc

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 30 Sep 2019 21:36:43 GMT
Content-Encoding: gzip
Last-Modified: Mon, 30 Sep 2019 16:42:34 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=69002
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 440

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 24 KB
10 KB 28ms
15ms Script
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.66 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

a6b5e22c905bbb22ce9e7aad76eeca32474b5ba7c932893d554b0edfddc7f9e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9184
x-xss-protection: 0
server: cafe
etag: 4597387999763492622
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Sep 2019 21:36:43 GMT

GET
H2 200 6e7b478b.min.js Show response
tag.demandbase.com/ 56 KB
15 KB 24ms
8ms Script
application/javascript 143.204.214.125
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/6e7b478b.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.214.125 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-214-125.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d46f9e013df1aa1864b8a744dd8f1bddf6b0a372d8745917d432c7f0d5171214

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 29 Sep 2019 15:03:02 GMT
content-encoding: gzip
last-modified: Tue, 20 Aug 2019 00:26:20 GMT
server: AmazonS3
age: 2056
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: OPlVoOutJTXQxpBdYEE3syCPOCOOHtom
status: 200
cache-control: public, max-age=3600
x-amz-cf-pop: FRA53-C1
content-type: application/javascript
x-amz-cf-id: xOoyNMfGCFE6XIloCf0kvD8-_piZyJU9qNvoijO_Vv9NQu_9ptPzaA==
via: 1.1 86ef89199388021c33b079c598103b12.cloudfront.net (CloudFront)

GET
H/1.1 200
OK insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 15 KB
5 KB 6ms
6ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 30 Sep 2019 21:36:43 GMT
Content-Encoding: gzip
Last-Modified: Mon, 23 Sep 2019 16:57:12 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=40416
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4571

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 1 KB
1 KB 109ms
93ms XHR
application/json 52.222.157.128
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&page_title=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&key=7535516323dadf7e3d35f603eaad6491&src=tag
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.222.157.128 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-52-222-157-128.fra53.r.cloudfront.net
Software: nginx /
Resource Hash: a2b822bab96a6e095c7309930ececb5c93c84a4f87be1698189c623c8d6e0579

Request headers

Sec-Fetch-Mode: cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53
x-cache: Miss from cloudfront
status: 200
access-control-max-age: 1728000
request-id: c7874fc0-c7c9-4578-af63-9a2cc49b686b
x-amz-cf-id: JQmhFGicKXTxmGRIggcIR6Ue6vH89c-lHMD7V5MQFKv_eeYVSh-5gQ==
pragma: no-cache
access-control-allow-origin: https://threatvector.cylance.com
server: nginx
vary: Accept-Encoding, Origin
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 67284fcf464f6f1529cc1e521669622c.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
identification-source: CACHE
expires: Sun, 29 Sep 2019 21:36:43 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AAaR7U67JOsAABXxn-I0uw
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAaR7U67JOsAABXxn-I0uw&verifyHash=ab3c747c771da7bbc952a1217c4f2eb6d644075e

26 B
390 B

97ms
96ms

Image
image/gif

143.204.214.57
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAaR7U67JOsAABXxn-I0uw&verifyHash=ab3c747c771da7bbc952a1217c4f2eb6d644075e
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.214.57 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-214-57.fra53.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 30 Sep 2019 21:36:43 GMT
Via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf567.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Connection: keep-alive
trace-id: 0d7f5b08e1434c9a
Content-Length: 26
X-Amz-Cf-Id: RDfPXmve7KpxJbPRZ88OSPc8Km20xWcFY2zSnMCFRDRSncnGcLwEZg==

Redirect headers

Date: Mon, 30 Sep 2019 21:36:43 GMT
Via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf567.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AAaR7U67JOsAABXxn-I0uw&verifyHash=ab3c747c771da7bbc952a1217c4f2eb6d644075e
Connection: keep-alive
trace-id: dc6e64a90274134d
Content-Length: 0
X-Amz-Cf-Id: dPjK2cGL7DVVrL6fFFTEyAdF0yLz6byJ5pVslhzSUsMO9AfcucHV-Q==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/ 2 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:81d::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/?random=1569879403613&cv=9&fst=1569879403613&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&tiba=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&async=1&rfmt=3&fmt=4

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

5a8bce66e87fe3874177d2407de2f15054dedb26e5bd5edfb433396d80cc57bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 21:36:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 970
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
148 B 47ms
47ms Image
text/plain 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5637515&tm=al001&Ver=2&mid=86057e25-999a-8317-5530-736bcaae5645&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&kw=APT28%20DLL,%20backdoor,%20Cylance,%20BlackBerry&p=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&r=&lt=2085&pt=1569879401477,,,,,0,1,20,20,507,180,507,1035,1038,1043,2069,2069,2085,,,&pn=0,0&evt=pageLoad&msclkid=N&rn=136029
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Mon, 30 Sep 2019 21:36:43 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 3BBF9B96E4B049089865490BBF01095D Ref B: VIEEDGE0908 Ref C: 2019-09-30T21:36:43Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/858415995/ 42 B
167 B 21ms
21ms Image
image/gif 2a00:1450:4001:800::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/858415995/?random=1569879403613&cv=9&fst=1569877200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&tiba=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&async=1&fmt=3&is_vtc=1&random=3493171654&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 21:36:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/858415995/ 42 B
156 B 23ms
22ms Image
image/gif 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/858415995/?random=1569879403613&cv=9&fst=1569877200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&tiba=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&async=1&fmt=3&is_vtc=1&random=3493171654&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 21:36:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RC45a65cb4bab44e65966fc1bfe9d6d8ed-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 460 B
487 B 7ms
6ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC45a65cb4bab44e65966fc1bfe9d6d8ed-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 44df095afbcc3700bb27f3c430bce008b8074188be803787ce11b9b850ed6675

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: Apache
etag: "eb0abeded1d23a64ed81155c95cbb867:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 254
expires: Mon, 30 Sep 2019 22:36:43 GMT

GET
H2 200 RC795343619189407bb257bf77f37e4f32-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 458 B
484 B 8ms
7ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC795343619189407bb257bf77f37e4f32-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b10bfe284fcea12155ae8def55a8ec14b8a804e198e06d985e6e8a1681851c63

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: Apache
etag: "6c8d0a2b5eadfc79c1cea9bda4c63d3f:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 252
expires: Mon, 30 Sep 2019 22:36:43 GMT

GET
H2 200 RCa7a45d271f51412293463f49427635d0-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 472 B
499 B 8ms
8ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RCa7a45d271f51412293463f49427635d0-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ae0d8091f974c66bea6d9f9aeba9feb785eb4e5a4e779060ec5f31b525f61f0f

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: Apache
etag: "1cd1f676e57143bd85e5f21bdd4785bb:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 265
expires: Mon, 30 Sep 2019 22:36:43 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=831374643&t=pageview&_s=1&dl=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&ul=en-us&de=UTF...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-33464378-1&cid=1924579897.1569879403&jid=1875270207&_gid=1525153272.1569879403&gjid=1852002337&_v=j79&z=345379810
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1924579897.1569879403&jid=1875270207&_v=j79&z=345379810
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1924579897.1569879403&jid=1875270207&_v=j79&z=345379810&slf_rd=1&random=3744682400

42 B
109 B

17ms
17ms

Image
image/gif

2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1924579897.1569879403&jid=1875270207&_v=j79&z=345379810&slf_rd=1&random=3744682400

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 21:36:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 30 Sep 2019 21:36:43 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-33464378-1&cid=1924579897.1569879403&jid=1875270207&_v=j79&z=345379810&slf_rd=1&random=3744682400
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RC65049b1ee2da4bed9ece12f15b7d466f-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 835 B
587 B 6ms
6ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC65049b1ee2da4bed9ece12f15b7d466f-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c0aed91f1b10ec94f40fdf79c31d1f870fb4bf3eda63b61edb3bbaeff53a93e0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:25 GMT
server: Apache
etag: "3802beb763414589551c998a499408b3:1560460645"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 353
expires: Mon, 30 Sep 2019 22:36:43 GMT

GET
H2 200 s97188637331268
cylance.sc.omtrdc.net/b/ss/cylan-production/1/JS-2.12.0-L9TT/ 43 B
393 B 111ms
35ms Image
image/gif 52.49.100.189
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cylance.sc.omtrdc.net/b/ss/cylan-production/1/JS-2.12.0-L9TT/s97188637331268?AQB=1&ndh=1&pf=1&t=30%2F8%2F2019%2023%3A36%3A43%201%20-120&mid=49654431720950585813110617652871320406&aamlh=6&ce=UTF-8&pageName=home%3Ainside-the-apt28-dll-backdoor-blitz&g=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&cc=USD&ch=home&server=threatvector.cylance.com&events=event17&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=D%3Dv1&v1=threatvector.cylance.com&h1=home%7Cinside-the-apt28-dll-backdoor-blitz&c2=2019-09-30%2021%3A36%3A42&v3=monday&c4=2%3A36%20PM%7CMonday&v4=2%3A36%20PM%7CMonday&v6=home%3Ainside-the-apt28-dll-backdoor-blitz&v7=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&c8=D%3Dv8&v8=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&c9=D%3Dv9&v9=en_us&c10=D%3Dv10&c11=New&v11=First%20Visit&v12=New&c16=1&c17=18&v17=18&v35=The%20Cylance%20Threat%20Research%20Team&v36=research-and-intelligence&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=2297E09A576BB9677F000101%40AdobeOrg&AQE=1

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.49.100.189 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-49-100-189.eu-west-1.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:43 GMT
x-content-type-options: nosniff
x-c: master-1011.I87c50b.M0-282
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 01 Oct 2019 21:36:43 GMT
server: jag
xserver: anedge-659b866874-m8s5d
etag: 2EC93AB5FFFF8000-400D5FF3205ACBC2
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sun, 29 Sep 2019 21:36:43 GMT

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
322 B 7ms
6ms Image
image/gif 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=1bfc54c387954f9eaa42590696a6fc28&_biz_s=872e66&_biz_l=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&_biz_t=1569879405521&_biz_i=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&_biz_n=0&a=cylance.com&rnd=180840&cdn_o=a&_biz_z=1569879405522
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/41A2) / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 21:36:45 GMT
x-aspnetmvc-version: 5.2
last-modified: Sat, 28 Sep 2019 17:56:39 GMT
server: ECS (fcn/41A2)
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 BizibleAcct.js Show response
cdn.bizible.com/ 378 B
547 B 4530ms
4529ms Script
text/javascript 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/BizibleAcct.js?_biz_u=1bfc54c387954f9eaa42590696a6fc28&_biz_h=-1906410348&cdn_o=a&jsVer=4.19.06.26&a=cylance.com
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js?account=cylance.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 2f1b76a591e92862e4bd513f5a80c744005329665cb5b9f94b5069fbc627e685

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:49 GMT
content-encoding: gzip
etag: 6FD6C8A1
x-aspnetmvc-version: 5.2
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: private, must-revalidate, max-age=21600
content-type: text/javascript; charset=utf-8
content-length: 326

GET
H2 200 u
cdn.bizible.com/m/ 43 B
116 B 7ms
6ms Image
image/gif 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/u?mapType=mkto&mapValue=id%3A524-DOM-989%26token%3A_mch-cylance.com-1569879403500-89733&_biz_u=1bfc54c387954f9eaa42590696a6fc28&_biz_s=872e66&_biz_l=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&_biz_t=1569879405524&_biz_i=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&_biz_n=1&a=cylance.com&rnd=759599&cdn_o=a&_biz_z=1569879405625
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40DD) / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 21:36:45 GMT
x-aspnetmvc-version: 5.2
last-modified: Fri, 27 Sep 2019 04:41:15 GMT
server: ECS (fcn/40DD)
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizible.com/m/ 43 B
80 B 9ms
9ms Image
image/gif 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/u?mapType=ecid&mapValue=2297E09A576BB9677F000101%40AdobeOrg_49654431720950585813110617652871320406&_biz_u=1bfc54c387954f9eaa42590696a6fc28&_biz_s=872e66&_biz_l=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&_biz_t=1569879405526&_biz_i=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&_biz_n=2&a=cylance.com&rnd=952890&cdn_o=a&_biz_z=1569879405625
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (fcn/40DD) / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 21:36:45 GMT
x-aspnetmvc-version: 5.2
last-modified: Fri, 27 Sep 2019 04:41:15 GMT
server: ECS (fcn/40DD)
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 RC6d15653dcdbd4cccb51d7164ce31913c-source.min.js Show response
assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/ 1 KB
907 B 6ms
6ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/COe49f90d73b104d95a5840fb29de3b4bb/PRf95f8581a88f45b9b9b9fb92baf50df7/BL2622518685ad46688ae9b6337ed669ac/RC6d15653dcdbd4cccb51d7164ce31913c-source.min.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8f9713075b7edd29146b9f8472de0a9dea8c7f3dc2f41ff172f3e558536227c7

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:50 GMT
content-encoding: gzip
last-modified: Thu, 13 Jun 2019 21:17:23 GMT
server: AkamaiNetStorage
etag: "030fd508521493a75099bd78f60225e1:1560460644"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 667
expires: Mon, 30 Sep 2019 22:36:50 GMT

GET
H2

200

/ Show response
px.ads.linkedin.com/collect/
Redirect Chain

https://px.ads.linkedin.com/collect/?time=1569879410071&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&fmt=js&s=1
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1569879410071%26pid%3D37262%26url%3Dhttps%253A%252F%252Fthreatvector.cylance.com%252Fen_us%252Fh...
https://px.ads.linkedin.com/collect/?time=1569879410071&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&fmt=js&s=1&liSync=true

0
72 B

128ms
128ms

Script
application/javascript

2620:119:50e6:101::6cae:b05
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/collect/?time=1569879410071&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&fmt=js&s=1&liSync=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:119:50e6:101::6cae:b05 , United States, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:50 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-ech2
content-type: application/javascript
content-length: 20
x-li-uuid: 6Zj4kQFVyRVw+4+PCysAAA==

Redirect headers

date: Mon, 30 Sep 2019 21:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
vary: Accept-Encoding
content-length: 20
x-li-uuid: e+TLiwFVyRWwAIz2iysAAA==
server: Play
pragma: no-cache
x-li-pop: prod-edc2
x-frame-options: sameorigin
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect/?time=1569879410071&pid=37262&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&fmt=js&s=1&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 24 KB
9 KB 15ms
15ms Script
text/javascript 172.217.22.66
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN9a198e584a4641e5a638d027ddddb3cf.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.66 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s17-in-f66.1e100.net

Software

cafe /

Resource Hash

c6c59f99021c03392673132e9b28f9e1fc890710c531aa49b506b01adb5b8dcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9364
x-xss-protection: 0
server: cafe
etag: 14275855663230401311
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 30 Sep 2019 21:36:50 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/ 2 KB
1 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:81d::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858415995/?random=1569879410094&cv=9&fst=1569879410094&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&tiba=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&rfmt=3&fmt=4

Requested by

Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

61c1efe1553c04e375c7f23b039895700acdfcf5fc6c3799f398f87bb995752e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 21:36:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 965
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/858415995/ 42 B
110 B 20ms
20ms Image
image/gif 2a00:1450:4001:800::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/858415995/?random=1569879410094&cv=9&fst=1569877200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&tiba=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&fmt=3&is_vtc=1&random=3340932191&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 21:36:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/858415995/ 42 B
110 B 21ms
21ms Image
image/gif 2a00:1450:4001:81d::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/858415995/?random=1569879410094&cv=9&fst=1569877200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&tiba=Inside%20the%20APT28%20DLL%20Backdoor%20Blitz&fmt=3&is_vtc=1&random=3340932191&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 21:36:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 33 KB
11 KB 21ms
7ms Script
text/javascript 2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 4a1d3bf6c1cec783f967068348e78974da3b79cdfae1746c01f7f9ad86ad9951

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: 9.BQ9cxFANfreH2vrVxQTFpw5o67znAv
Content-Encoding: gzip
ETag: "4cdaf4a1f2ebfda8dd871575ebef2236"
x-amz-request-id: 43692B5807BE08A9
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 10345
x-amz-id-2: ZQUqt6+TOkdgwadOb4rRXtH/zTXxRMa2B/Q3JC2N12nwj4qVLAGSMuqUr6fSLmp42OnQir5Jk9Y=
Last-Modified: Wed, 25 Sep 2019 15:18:31 GMT
Server: AmazonS3
Date: Mon, 30 Sep 2019 21:36:50 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/exp/OU3SUNRJWBHPTCY5X23OHE/ 37 B
689 B 5ms
5ms Script
application/javascript 2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/OU3SUNRJWBHPTCY5X23OHE/index.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 6a8466d729c03a3f87ea7d1ea02379eae9ffc52171cd62b9428a39ca71675814

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: R_ckzgWvfNCfEwf0PnntnEl6yBf56gV_
ETag: "af5292134b7f9ce1b2a338c5daae4370"
x-amz-request-id: D9CE35FCA4FEDD8D
x-amz-server-side-encryption: AES256
Connection: keep-alive
Content-Length: 37
x-amz-id-2: CwjxZAzQyVHzxNAtxsi4AGEiOnFt0O1bKhrynbghddfpKxkUUyYKwe8T7zv36IOpUw8IwVvQJrw=
Last-Modified: Mon, 30 Sep 2019 18:31:48 GMT
Server: AmazonS3
Date: Mon, 30 Sep 2019 21:36:50 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK OU3SUNRJWBHPTCY5X23OHE Show response
d.adroll.com/consent/check/ 52 B
511 B 114ms
28ms Script
application/javascript 54.247.188.17
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/OU3SUNRJWBHPTCY5X23OHE?_s=3f1851b0b48e50eb43b2448d143af28b&_b=2
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.247.188.17 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-247-188-17.eu-west-1.compute.amazonaws.com
Software: nginx/1.14.1 /
Resource Hash: 6a5862cec71ec62c1d809d12c7919541d611156c4afe375bf8cf7b5ddd7e406d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 21:36:50 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: application/javascript
Content-Length: 52

GET
H/1.1

200
OK

BMNOXKZHPFHPDK7ZYEXFSC.js Show response
s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/
Redirect Chain

https://d.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&pv=73743644275.1263&cookie=&adroll_s_ref=&keyw=&arrfrr=ht...
https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/BMNOXKZHPFHPDK7ZYEXFSC.js

6 KB
3 KB

6ms
6ms

Script
text/javascript

2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/BMNOXKZHPFHPDK7ZYEXFSC.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 79a5a24099a0a07f7f110441ce3a04edc884ebcfa098f2dd88a29aeb4f14ca03

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: V2flq_cuofb0.7odwT2UwbzD1MgCIuJf
Content-Encoding: gzip
ETag: "08be8e66b3184f140f912a9c1babc1f7"
x-amz-request-id: 72496EB1E9914099
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1995
x-amz-id-2: MTIZT/z4oD/3JbPm5QaEiQRHnUxlUa+LcYi9nfBnZIccMjbBpZUHhC88wRlXUKLzuBBwrY30lrk=
Last-Modified: Tue, 20 Aug 2019 22:52:59 GMT
Server: AmazonS3
Date: Mon, 30 Sep 2019 21:36:50 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Mon, 30 Sep 2019 21:36:50 GMT
X-Segment-Display-Name
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Connection: keep-alive
Content-Length: 0
Pragma: no-cache
X-Conversion-Value: 0.0
Server: nginx/1.14.1
X-Rule: *threatvector.cylance.com*
X-Segment-Eid: BMNOXKZHPFHPDK7ZYEXFSC
Location: https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/BMNOXKZHPFHPDK7ZYEXFSC.js
Cache-Control: no-store, no-cache, must-revalidate
X-Pixel-Eid: JFQUMKJ3NRFIFLRA5FOQKB
X-Segment-Name: a102ead2
X-Advertisable-Eid: OU3SUNRJWBHPTCY5X23OHE
X-Conversion-Currency

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 121 KB
32 KB 17ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: s.adroll.com
URL: https://s.adroll.com/pixel/OU3SUNRJWBHPTCY5X23OHE/JFQUMKJ3NRFIFLRA5FOQKB/BMNOXKZHPFHPDK7ZYEXFSC.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

14d88b3a27f0e6de034f86ad42d6411081e9467daf754147f2f16bcb20782177

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 31604
x-xss-protection: 0
pragma: public
x-fb-debug: g/ArZk06Bi/zDmJ0M3vv2w+WrDhalPbhWeYhM0PTw+fU2c0y/eLYYu+rpBsdSH0zhwryl5QU02dmeIaCAKDCsg==
x-fb-trip-id: 420120009
x-frame-options: DENY
date: Mon, 30 Sep 2019 21:36:50 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 9 KB
3 KB 6ms
6ms Script
text/javascript 2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: threatvector.cylance.com
URL: https://threatvector.cylance.com/etc.clientlibs/clientlibs/granite/jquery/granite.ed0d934d509c9dab702088c125c92b4f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: zwhvLQqU_bzZQXYQsmzqPfdjhgNu8Tlx
Content-Encoding: gzip
ETag: "15441b08d0c4f93b1dd5f533cd361cd8"
x-amz-request-id: 6395E10A401E1DF1
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2039
x-amz-id-2: p8uySg63IvO6/9bEUnUAD6eXAeqU0rM4OYelIm0ZsiUPl941B0XoN0nxPSC5GbEfNErEmYVdxEI=
Last-Modified: Thu, 19 Sep 2019 17:50:09 GMT
Server: AmazonS3
Date: Mon, 30 Sep 2019 21:36:50 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/aol/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://pixel.advertising.com/ups/55980/sync?uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://pixel.advertising.com/ups/55980/sync?uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
https://ups.analytics.yahoo.com/ups/55980/sync?uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP6974c58e-e3ca-11e9-a38e-06...
https://ups.analytics.yahoo.com/ups/55980/sync?uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP6974c58e-e3ca-11e9-a38e-06...

0
472 B

7ms
7ms

Image
text/plain

52.29.22.127
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ups.analytics.yahoo.com/ups/55980/sync?uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP6974c58e-e3ca-11e9-a38e-062dcfc35558&verify=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.22.127 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-22-127.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
date: Mon, 30 Sep 2019 21:36:50 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status: 302
date: Mon, 30 Sep 2019 21:36:50 GMT
content-length: 0
location: https://ups.analytics.yahoo.com/ups/55980/sync?uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UP6974c58e-e3ca-11e9-a38e-062dcfc35558&verify=true
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&expiration=1601415410
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&expiration=1601415410&C=1

43 B
898 B

12ms
12ms

Image
image/gif

2.18.234.21
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&expiration=1601415410&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 21:36:50 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 30 Sep 2019 21:36:50 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 21:36:50 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&expiration=1601415410&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 333
Expires: Mon, 30 Sep 2019 21:36:50 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&expires=365

0
239 B

31ms
7ms

Image
image/gif

69.173.144.136
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&expires=365
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.136 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 21:36:50 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&expires=365
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 124

GET
H2

200

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&rdrctExp=true

0
358 B

136ms
136ms

Image
text/plain

151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&rdrctExp=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:50 GMT
via: 1.1 varnish, 1.1 varnish
traffic-path: NYDC1, JFK, FRA, Europe1
x-timer: S1569879411.518024,VS0,VE131
accept-ranges: bytes, bytes
x-served-by: cache-jfk8129-JFK, cache-fra19141-FRA
x-cache: MISS, MISS
status: 200
backend-ip: 104.156.90.29
x-traceid: 7963ab9ffc6b19c43ce5e6c9ecd51f52
content-length: 0
x-cache-hits: 0, 0

Redirect headers

date: Mon, 30 Sep 2019 21:36:50 GMT
via: 1.1 varnish, 1.1 varnish
traffic-path: NYDC1, JFK, FRA, Europe1
x-timer: S1569879410.422377,VS0,VE86
accept-ranges: bytes, bytes
x-served-by: cache-jfk8150-JFK, cache-fra19141-FRA
status: 302
x-cache: MISS, MISS
location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&rdrctExp=true
backend-ip: 104.156.90.50
x-traceid: e9fad4ca83d45472632f5210e6f18ee8
content-length: 0
x-cache-hits: 0, 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...

1 B
863 B

52ms
14ms

Image
text/html

185.64.189.110
PubMatic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Mon, 30 Sep 2019 21:36:50 GMT
X-lat: Pug22032:0:1181
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 21:36:50 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 220

GET
H/1.1

200
OK

in
d.adroll.com/cm/r/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

42 B
488 B

32ms
31ms

Image
image/gif

54.247.188.17
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.247.188.17 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-247-188-17.eu-west-1.compute.amazonaws.com
Software: nginx/1.14.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 21:36:50 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42

Redirect headers

Date: Mon, 30 Sep 2019 21:36:50 GMT
X-Content-Type-Options: nosniff
Server: ATS
Age: 0
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H2

204

/
trc.taboola.com/sg/adroll-network/1/rtb-h/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM

0
262 B

15ms
14ms

Image
text/plain

151.101.14.2
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:50 GMT
via: 1.1 varnish
server: nginx
x-timer: S1569879410.443985,VS0,VE9
x-cache: MISS
status: 204
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-fra19141-FRA

Redirect headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 21:36:50 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 111

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=c5f8217193b932cffe3ccf5613c80b1a-1569879410267&xid_ch=f&advertisable=OU3SUNRJWBHPTCY5X23OHE
https://eb2.3lift.com/xuid?mid=4714&xuid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&dongle=c85e&gdpr=1&cmp_cs=

37 B
335 B

9ms
9ms

Image
image/gif

52.29.202.222
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&dongle=c85e&gdpr=1&cmp_cs=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.202.222 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-202-222.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Mon, 30 Sep 2019 21:36:50 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

status: 302
date: Mon, 30 Sep 2019 21:36:50 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: /xuid?ld=1&mid=4714&xuid=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM&dongle=c85e&gdpr=1&cmp_cs=
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

200
OK

in
d.adroll.com/cm/r/
Redirect Chain

https://d.adroll.com/cm/r/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

42 B
488 B

31ms
31ms

Image
image/gif

54.247.188.17
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.247.188.17 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-247-188-17.eu-west-1.compute.amazonaws.com
Software: nginx/1.14.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 21:36:50 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42

Redirect headers

Date: Mon, 30 Sep 2019 21:36:50 GMT
X-Content-Type-Options: nosniff
Server: ATS
Age: 0
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H2

200

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://x.bidswitch.net/sync?dsp_id=44&user_id=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM

43 B
379 B

8ms
7ms

Image
image/gif

18.196.219.117
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.219.117 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-196-219-117.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Mon, 30 Sep 2019 21:36:50 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

status: 302
date: Mon, 30 Sep 2019 21:36:50 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

setuid
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://ib.adnxs.com/setuid?entity=172&code=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM

43 B
875 B

59ms
6ms

Image
image/gif

37.252.173.38
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=172&code=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.38 , Ascension Island, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 21:36:52 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 537.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.254:80
AN-X-Request-Uuid: 07334466-021d-4e23-bb07-3274c31a64a2
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 21:36:50 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://ib.adnxs.com/setuid?entity=172&code=ZGMxYzkxNjE5Yjg2YWU4NjkxY2UyZDg2OWMxYmQ1ZWM
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 93

GET
H2

204

377928.gif
idsync.rlcdn.com/
Redirect Chain

https://d.adroll.com/cm/l/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://idsync.rlcdn.com/377928.gif?partner_uid=dc1c91619b86ae8691ce2d869c1bd5ec

0
40 B

323ms
322ms

Image
text/plain

35.190.72.21
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/377928.gif?partner_uid=dc1c91619b86ae8691ce2d869c1bd5ec
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.72.21 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 21.72.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
date: Mon, 30 Sep 2019 21:36:50 GMT
via: 1.1 google
alt-svc: clear

Redirect headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 21:36:50 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Location: https://idsync.rlcdn.com/377928.gif?partner_uid=dc1c91619b86ae8691ce2d869c1bd5ec
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 86

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?advertisable=OU3SUNRJWBHPTCY5X23OHE
https://us-u.openx.net/w/1.0/sd?id=537103138&val=dc1c91619b86ae8691ce2d869c1bd5ec
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=dc1c91619b86ae8691ce2d869c1bd5ec

43 B
183 B

14ms
14ms

Image
image/gif

34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=dc1c91619b86ae8691ce2d869c1bd5ec
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.163.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Sep 2019 21:36:50 GMT
via: 1.1 google
server: OXGW/16.163.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Mon, 30 Sep 2019 21:36:50 GMT
via: 1.1 google
server: OXGW/16.163.0
status: 302
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=dc1c91619b86ae8691ce2d869c1bd5ec
alt-svc: clear
content-length: 0

GET
H/1.1

200
OK

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?advertisable=OU3SUNRJWBHPTCY5X23OHE&google_nid=adroll5
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=3ByRYZuGroaRzi2GnBvV7A
https://d.adroll.com/cm/g/in

42 B
523 B

30ms
30ms

Image
image/gif

54.247.188.17
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.247.188.17 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-247-188-17.eu-west-1.compute.amazonaws.com
Software: nginx/1.14.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 30 Sep 2019 21:36:50 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
X-Result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Mon, 30 Sep 2019 21:36:50 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1792927231029740 Show response
connect.facebook.net/signals/config/ 307 KB
79 KB 170ms
170ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1792927231029740?v=2.9.4&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

4cdb5521799347327648c9276d2efa4b5c608ca21238cb091f2629d4c95e6cea

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-trip-id: 420120009
pragma: public
x-fb-debug: HZLxt0qbnkgazWv4BSppHfb9XvBCjWJ24YW5YFnQOJU18hjnhK/Q2GHNjQJ44T76kx0Yh+mpEPUCyQfuhT8mAg==
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: DENY
date: Mon, 30 Sep 2019 21:36:50 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
vary: Accept-Encoding
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 inferredEvents.js Show response
connect.facebook.net/signals/plugins/ 35 KB
10 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/inferredEvents.js?v=2.9.4

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

b4e9e9bef19c34422f55a7fdb9d10c4db5e39cff24b8c98a0be0e09b2ee6ac2b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 10218
x-xss-protection: 0
pragma: public
x-fb-debug: NdJhePEykfDuJycdLu54izlk1rizyXoUSlgRcascLWk3i3pfPGAx+8fzFwDiRvQ3Z99pOeBgJ+ei8lPgVJvkNw==
x-fb-trip-id: 420120009
x-frame-options: DENY
date: Mon, 30 Sep 2019 21:36:50 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
319 B 18ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1792927231029740&ev=PageView&dl=https%3A%2F%2Fthreatvector.cylance.com%2Fen_us%2Fhome%2Finside-the-apt28-dll-backdoor-blitz.html&rl=&if=false&ts=1569879410573&cd[segment_eid]=BMNOXKZHPFHPDK7ZYEXFSC&sw=1600&sh=1200&v=2.9.4&r=stable&ec=0&o=29&fbp=fb.1.1569879410572.396020514&it=1569879410346&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 30 Sep 2019 21:36:50 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Mon, 30 Sep 2019 21:36:50 GMT

Verdicts & Comments Add Verdict or Comment

178 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cylance.com/	1969-12-31 23:59:59	Name: s_ppv Value: home%253Ainside-the-apt28-dll-backdoor-blitz%2C7%2C7%2C1200
.cylance.com/	1969-12-31 23:59:59	Name: s_tp Value: 18224
.cylance.com/	1970-01-19 12:50:15	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22Mkto%22%3A%221%22%2C%22Ecid%22%3A%22-382513617%22%2C%22XDomain%22%3A%221%22%7D

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html(Line 247) Message: cookie not is active
console-api	log	(Line 2) Message: add----roll1
console-api	log	(Line 2) Message: add----roll2
console-api	log	(Line 2) Message: add----roll2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	font-src https: data:; img-src http: https: data:; script-src http: https: blob: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

524-dom-989.mktoresp.com
ads.yahoo.com
api.company-target.com
app-sj16.marketo.com
assets.adobedtm.com
bat.bing.com
cdn.bizible.com
cdn.rawgit.com
cm.everesttech.net
cm.g.doubleclick.net
connect.facebook.net
cylance.demdex.net
cylance.sc.omtrdc.net
d.adroll.com
dpm.demdex.net
dsum-sec.casalemedia.com
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
match.prod.bidr.io
munchkin.marketo.net
pixel.advertising.com
pixel.rubiconproject.com
px.ads.linkedin.com
s.adroll.com
s.ytimg.com
s7d2.scene7.com
segments.company-target.com
simage2.pubmatic.com
snap.licdn.com
stats.g.doubleclick.net
sync.outbrain.com
tag.demandbase.com
threatvector.cylance.com
trc.taboola.com
ups.analytics.yahoo.com
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.linkedin.com
www.youtube.com
x.bidswitch.net
104.16.96.80
108.128.26.6
143.204.214.125
143.204.214.57
151.101.14.2
151.139.237.11
172.217.22.66
18.196.219.117
184.31.84.223
185.64.189.110
192.28.147.68
2.18.232.23
2.18.233.40
2.18.234.21
2620:119:50e4:101::6cae:b51
2620:119:50e6:101::6cae:b05
2620:1ec:c11::200
2a00:1288:110:833::4000
2a00:1450:4001:800::2004
2a00:1450:4001:806::200a
2a00:1450:4001:80b::200e
2a00:1450:4001:815::200e
2a00:1450:4001:81d::2002
2a00:1450:4001:81d::2003
2a00:1450:4001:81e::200e
2a00:1450:4001:825::2003
2a00:1450:400c:c06::9b
2a02:26f0:6c00:28b::9b6
2a02:26f0:6c00:28c::25ea
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
34.95.120.147
35.190.72.21
37.252.173.38
52.211.150.253
52.222.157.128
52.29.20.136
52.29.202.222
52.29.22.127
52.49.100.189
54.148.87.203
54.247.188.17
66.117.28.86
69.173.144.136
93.184.220.178
099bace63963205abb1875d577e797bdac573989ab27a75960eafe3ccd5fa27a
09bc1009eb3d9cbc800e4933a407c81b1920be72f28254baff513ee8f422f5b0
0ab842476f3437f398ceeaeca957b0abf23d78d307ec16518ad12ea6781ca9e6
0e23b84d6736b1645a695282788cee2070cd3f5cd2c5c2e31ea0b44a942294c2
0e41a843709f19f5327078ad0e4fca7ff8485d280f2458c15b555957a0e646cd
1017b2b6551aca43896313770d3c3041d58cee227ce35861c60ef0a10dc38c64
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14d88b3a27f0e6de034f86ad42d6411081e9467daf754147f2f16bcb20782177
1a7103ddeebf3a313febafe1aba08a1cec143c98a7b6e51cacbf8893093efaa2
1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d
1cac386a226657759d39c04b26768f03915090f0f1a5b4e6ca815d7478228159
26ae4b0eb488fa35fca8b199e05b5b5236192cf04a2fa5a91ba6c5c4d5ffc06d
287450a4f4a05b901d7b7b5df6252640aec13825c1059905a79c369e4f97ec23
2afa0193eebc6dcba6256c02ba126cd809b278a8c271ba1344af1d54520fb173
2d9245daf2dcc8739b68091fc3afea1e48c3add85f07d57e551a2ab7a714853e
2f1b76a591e92862e4bd513f5a80c744005329665cb5b9f94b5069fbc627e685
304bfe9eb3f7bd61580b2a74331e32e2c5bb918afa808dc35f01f32f2e693510
321bbcc4cc57483b7e329186e5159498b668ddde87cb64696ddcdc95176cce82
34d46b50dff8e2640fc5a4ff05dbe0eaee6070796e21c1cef4428b64790408dc
37520a7d4301bf54115512947334da543a8e05fd47f98f9e7064e1144f53e527
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44df095afbcc3700bb27f3c430bce008b8074188be803787ce11b9b850ed6675
45e2f85e3aab6c36988703f5cc06444289bb795a25736b74975073c98de18498
4a1d3bf6c1cec783f967068348e78974da3b79cdfae1746c01f7f9ad86ad9951
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4cdb5521799347327648c9276d2efa4b5c608ca21238cb091f2629d4c95e6cea
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5594aad46162a604f53718c6eec2c9824317dddd03dab69822549cd36e5789dd
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a8bce66e87fe3874177d2407de2f15054dedb26e5bd5edfb433396d80cc57bc
60591f0eed0ccbba8cff2adcd297791578089236065ec658ddbfdf9892f6a175
61c1efe1553c04e375c7f23b039895700acdfcf5fc6c3799f398f87bb995752e
62d710d9bda1dbd522c180805ec2a66d82c84ec1093813ebf39d22f04b30d871
62dc909fddeee34ab26f67b53e11230af692a42853134d565c1e9d6194675253
66de82969f617c85184ad351d55501233e538e7f54caa684368c8a155053874d
66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76
6a5862cec71ec62c1d809d12c7919541d611156c4afe375bf8cf7b5ddd7e406d
6a8466d729c03a3f87ea7d1ea02379eae9ffc52171cd62b9428a39ca71675814
724e680010b9d1ee1b0f0db1e6099c7db6b5229be91cf5b75533de3c5b8c7d1c
7848472b4e994bcd2cb522201f6c123b50c4b37e5aab979ac50db3244eb894d5
79a5a24099a0a07f7f110441ce3a04edc884ebcfa098f2dd88a29aeb4f14ca03
7b86ac9779af83777789a7fc81940793f77b5bd3ff3d36ac8e925fccf656247a
7fbbeba68616ec3cd21955086a765a1c74d81b3f2772babba4f8f9719adb2d5c
8235e55fa7f1c889f552c3d7415b6bfff016a82035dc5c77da7a1789a3de95e3
8658dcad983dacbb3bca7bc8217fd0b75f28df85bf9259bd0dccf69e58cb0ecd
87f55f0eb8ca3828f1f3c43da32e71933463b639ff59c86fab549600912ac687
89a3c120cd572641fb6a13d72907fceac0b838e2b8e41d8b62f604fe5510aee8
8b8fc55fbc2dcfe88398bedbc20cca9abc7f1c88caf69481f4ed98f126a5fb47
8f9713075b7edd29146b9f8472de0a9dea8c7f3dc2f41ff172f3e558536227c7
937fdd2761db8d890407be8c18e64a7f3c19ded89b4d67f5606e30a560bd63c5
93a431303f6163e1a1b17d0fe9ac4edb2b042333aec637187fa92f9ed1050ae8
96904bcac47ca5d98b664970580ea473e1e6a6b285c87e8cb3caa2f1928e7219
9913bba300e77cd7898ce5a11558bf789fd15cb686107a10a648109117816be1
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2b822bab96a6e095c7309930ececb5c93c84a4f87be1698189c623c8d6e0579
a6b5e22c905bbb22ce9e7aad76eeca32474b5ba7c932893d554b0edfddc7f9e2
adc2c8e679ffd8f0cbc9270749db4f687b9201280b2913c2817f230584ea4e1d
ae0d8091f974c66bea6d9f9aeba9feb785eb4e5a4e779060ec5f31b525f61f0f
af6f1a1d1ca5b44168e2d69e4e92daf576df150cc615c9e62adc6eb909a73114
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b10bfe284fcea12155ae8def55a8ec14b8a804e198e06d985e6e8a1681851c63
b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1756b96e3bd84287ee83fefd065c0357f1a90e510c089d244c09dccdd8c4648
b194fd385666036162259f55563a017e78753671e0fbd3be31a272dc2b869876
b4e9e9bef19c34422f55a7fdb9d10c4db5e39cff24b8c98a0be0e09b2ee6ac2b
b8b5683eb4fcbc82d4c540136efe3ee0ded7371ff2cf7f8c785843e9c861aec0
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b
c0aed91f1b10ec94f40fdf79c31d1f870fb4bf3eda63b61edb3bbaeff53a93e0
c6c59f99021c03392673132e9b28f9e1fc890710c531aa49b506b01adb5b8dcd
c6e538e6a9213d8d6cb6a1f3b7c03e5a06d68ff25ec57e6eb5b4868289464de0
ce11c18967ab30115878af2f6c6dc88fce05dbda48df9cea5a7abf9fb311ef5f
cff371c01c3befd5a6c96bc1af3c55158b6007e6223244fc245247e94f42cfb4
d46f9e013df1aa1864b8a744dd8f1bddf6b0a372d8745917d432c7f0d5171214
d4e42e78d5938248bc7eeac03bfacee8cd2a392daa3885637a7899ca4fb30e3c
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dd1dad45fd0dd168ad46427307aa8a206b857b783ca3afbcfe2bc8b8724acec0
dd6e22647ce2f168a4563f0f7e58299a739e769f20d4e852bc2aca006d7a5748
e2c6c1157ce1c3288e63b8905ebfae86fcf208e6c9886d28bfdac86e1c733065
e35896fcd15b2238b1b5e2d4fbbd2b287f57dbbded51ab1a2217c38ce6a51d2f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e85d93603219c7af97e29b183b6f22d04991b9b01c4a79ae824e62ea7aa809b5
eb2deec7e5394e29e51ff83e920f1ce3c092ae5c63b711a4b755b9861a8bc6cd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775
f17a340f0388383e8d2a70632006d51e5d0e95f60f1cca3f774bd78b5d3dcd07
f419df72131b2e7ec36c56950099c5c8f88e3e8ba7de2438b0484d0786e56200
f420be242c42905ac383d92dabea6b7682bb261ed7266f1a206cdef16f960da6
f6281f4fc0c8b4cd0ecb0cf382c080d9e5f01b58c816d5f071969f3734465fc6
fe08d074a32f7c481cc425d22cdd787137feea90578e0b10556cebeefcfa3040
fe7b1fa106b52fd3b7a72421171503eee8ec0c911d495be3ce168f76ed7cc8b1
fe884e48d8d2602152678463aa5ac92bb7bd73b357851406aebcc046ab1d8b9f

threatvector.cylance.com Open in urlscan Pro 54.148.87.203 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

116 Requests

100 %HTTPS

38 %IPv6

41 Domains

48 Subdomains

39 IPs

7 Countries

1081 kBTransfer

3091 kBSize

3 Cookies

17 Outgoing links

Redirected requests

116 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

threatvector.cylance.com Open in urlscan Pro
54.148.87.203 Public Scan

Screenshot
Live screenshot

Full Image

116
Requests

100 %
HTTPS

38 %
IPv6

41
Domains

48
Subdomains

39
IPs

7
Countries

1081 kB
Transfer

3091 kB
Size

3
Cookies

116 HTTP transactions
0 data transactions